10-K 1 box-20240131.htm 10-K 10-K
false0001372612FYOne yearthree yearstwo yearsP1Y6M20.06250.06250001372612us-gaap:ResearchAndDevelopmentExpenseMember2021-02-012022-01-310001372612us-gaap:ConvertibleDebtSecuritiesMember2021-02-012022-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-01-310001372612box:CapitalizationRequirementInCurrentYearMember2024-01-310001372612us-gaap:SellingAndMarketingExpenseMember2021-02-012022-01-310001372612us-gaap:AdditionalPaidInCapitalMember2022-02-012023-01-310001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2023-02-012024-01-310001372612box:SeriesAConvertiblePreferredStockMember2021-02-012022-01-310001372612box:ExecutiveBonusPlansMember2022-02-012023-01-310001372612box:FiscalTwoThousandAndTwentyFourExecutiveBonusPlanMember2024-01-310001372612us-gaap:AdditionalPaidInCapitalMember2021-01-310001372612us-gaap:ForeignCountryMember2023-02-012024-01-310001372612us-gaap:RevolvingCreditFacilityMembersrt:MaximumMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-02-012024-01-310001372612box:TwentyFifteenEquityIncentivePlanMemberus-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2024-01-310001372612srt:MinimumMember2024-01-310001372612box:SeriesAConvertiblePreferredStockMemberbox:KKRCreditAdvisorsUSLLCMember2021-04-072021-04-070001372612us-gaap:RetainedEarningsMember2023-01-310001372612box:ServersAndRelatedEquipmentAndConstructionInProgressMember2023-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMembersrt:MinimumMember2023-02-012024-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612us-gaap:GeneralAndAdministrativeExpenseMember2022-02-012023-01-310001372612country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001372612srt:MaximumMemberbox:TwentyFifteenEmployeeStockPurchasePlanMember2020-02-012021-01-310001372612box:ShareRepurchasePlanMember2024-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-02-012023-01-310001372612us-gaap:EmployeeStockOptionMember2023-02-012024-01-310001372612box:ZeroPointZeroPercentConvertibleNotesDueTwoThousandTwentySixMemberus-gaap:FairValueInputsLevel2Memberus-gaap:SeniorNotesMember2023-01-310001372612srt:MaximumMemberbox:TwentyFifteenEmployeeStockPurchasePlanMember2021-02-012022-01-310001372612srt:MaximumMember2024-01-310001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2022-01-310001372612us-gaap:GeneralAndAdministrativeExpenseMember2021-02-012022-01-3100013726122023-07-310001372612srt:MaximumMemberbox:TwentyFifteenEmployeeStockPurchasePlanMember2022-02-012023-01-310001372612us-gaap:GeneralAndAdministrativeExpenseMember2023-02-012024-01-310001372612srt:MinimumMember2023-02-012024-01-310001372612us-gaap:SeriesAPreferredStockMember2021-04-072021-04-070001372612us-gaap:SeriesAPreferredStockMember2021-04-070001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:NovemberTwoThousandSeventeenFacilityMember2017-11-2700013726122023-02-012024-01-310001372612us-gaap:EmployeeStockMember2021-02-012022-01-310001372612us-gaap:FurnitureAndFixturesMember2023-01-310001372612us-gaap:CommonClassAMember2021-04-072021-04-070001372612us-gaap:RetainedEarningsMember2024-01-310001372612box:SeriesAConvertiblePreferredStockMember2022-02-012023-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2024-01-310001372612us-gaap:RetainedEarningsMember2023-02-012024-01-310001372612box:ZeroPointZeroPercentConvertibleNotesDueTwoThousandTwentySixMemberus-gaap:FairValueInputsLevel2Memberus-gaap:SeniorNotesMember2024-01-310001372612us-gaap:SoftwareLicenseArrangementMember2023-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2022-02-012023-01-310001372612us-gaap:USTreasurySecuritiesMember2024-01-310001372612us-gaap:DomesticCountryMember2023-02-012024-01-310001372612us-gaap:InterestRateSwapMember2024-01-310001372612us-gaap:RevolvingCreditFacilityMembersrt:MaximumMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberbox:AdjustedTermSecuredOvernightFinancingRateSofrOvernightIndexSwapRateMember2023-02-012024-01-310001372612country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-02-012023-01-310001372612us-gaap:DevelopedTechnologyRightsMember2023-01-310001372612us-gaap:ConvertiblePreferredStockMember2023-01-310001372612us-gaap:CreditConcentrationRiskMemberus-gaap:AccountsReceivableMember2023-02-012024-01-310001372612us-gaap:SoftwareDevelopmentMember2024-01-310001372612srt:MaximumMember2023-02-012024-01-310001372612box:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberus-gaap:ConvertibleDebtMember2021-01-310001372612us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-02-012024-01-310001372612country:JPus-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2023-02-012024-01-310001372612us-gaap:SellingAndMarketingExpenseMember2022-02-012023-01-310001372612us-gaap:ShareBasedCompensationAwardTrancheTwoMemberbox:TwentyFifteenEquityIncentivePlanMemberus-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612us-gaap:InterestRateSwapMember2023-02-012024-01-310001372612us-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberbox:DebtInstrumentConvertibleTermsOfConversionFeatureCircumstancesOneMember2023-06-012023-06-3000013726122024-02-290001372612country:JPus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2022-01-310001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2021-02-012022-01-3100013726122023-11-012024-01-310001372612us-gaap:MoneyMarketFundsMember2024-01-310001372612us-gaap:SeriesAPreferredStockMemberbox:SeventhAnniversaryOfClosingDateMember2021-04-072021-04-070001372612us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001372612us-gaap:CostOfSalesMember2023-02-012024-01-310001372612us-gaap:LeaseholdImprovementsMember2024-01-310001372612us-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-06-012023-06-300001372612box:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberus-gaap:ConvertibleDebtMember2020-02-012021-01-310001372612us-gaap:ConvertibleDebtMemberbox:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMember2023-02-012024-01-3100013726122025-02-012024-01-310001372612us-gaap:CustomerConcentrationRiskMemberbox:SignificantCustomerMemberus-gaap:SalesRevenueNetMember2022-02-012023-01-310001372612us-gaap:ConvertibleDebtMemberbox:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberbox:DebtInstrumentRedemptionPeriodOnOrAfterJanuaryTwentyTwoThousandTwentyFourMember2023-02-012024-01-310001372612us-gaap:SecuredDebtMemberus-gaap:LetterOfCreditMemberbox:WellsFargoBankMemberbox:NovemberTwoThousandSeventeenFacilityMember2017-11-270001372612us-gaap:CostOfSalesMember2022-02-012023-01-310001372612box:SixthAnniversaryOfClosingDateMemberus-gaap:SeriesAPreferredStockMember2021-04-072021-04-070001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2022-02-012023-01-310001372612us-gaap:SoftwareLicenseArrangementMember2024-01-310001372612us-gaap:AdditionalPaidInCapitalMembersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:AccountingStandardsUpdate202006Member2021-01-310001372612us-gaap:CommonClassAMember2023-01-310001372612us-gaap:CustomerConcentrationRiskMemberbox:SignificantCustomerMemberus-gaap:SalesRevenueNetMember2023-02-012024-01-310001372612us-gaap:ConvertiblePreferredStockMember2021-02-012022-01-310001372612us-gaap:AdditionalPaidInCapitalMember2023-02-012024-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberbox:AdjustedTermSecuredOvernightFinancingRateSofrOvernightIndexSwapRateMembersrt:MinimumMember2023-02-012024-01-3100013726122022-02-012023-01-310001372612us-gaap:RetainedEarningsMemberus-gaap:AccountingStandardsUpdate202006Membersrt:CumulativeEffectPeriodOfAdoptionAdjustmentMember2021-01-310001372612us-gaap:ResearchAndDevelopmentExpenseMember2023-02-012024-01-310001372612us-gaap:RetainedEarningsMember2021-02-012022-01-310001372612box:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberus-gaap:ConvertibleDebtMemberbox:DebtInstrumentConvertibleTermsOfConversionFeatureCircumstancesTwoMember2023-02-012024-01-310001372612us-gaap:RetainedEarningsMember2022-01-310001372612us-gaap:CreditConcentrationRiskMemberbox:SignificantCustomerMemberus-gaap:AccountsReceivableMember2023-02-012024-01-310001372612us-gaap:CostOfSalesMember2021-02-012022-01-310001372612country:GB2023-02-012024-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-01-310001372612box:ShareRepurchasePlanMemberbox:BoardOfDirectorsMemberus-gaap:SubsequentEventMember2024-03-040001372612us-gaap:EmployeeStockOptionMember2023-02-012024-01-310001372612us-gaap:SecuredDebtMemberus-gaap:LetterOfCreditMemberbox:WellsFargoBankMemberbox:NovemberTwoThousandSeventeenFacilityMember2024-01-310001372612box:ExecutiveBonusPlansMember2023-02-012024-01-310001372612country:USus-gaap:GeographicConcentrationRiskMemberus-gaap:SalesRevenueNetMember2023-02-012024-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMembersrt:MinimumMember2021-02-012022-01-3100013726122024-02-012024-01-310001372612us-gaap:SoftwareAndSoftwareDevelopmentCostsMembersrt:MaximumMember2024-01-310001372612us-gaap:CustomerConcentrationRiskMemberbox:SignificantCustomerMemberus-gaap:SalesRevenueNetMember2021-02-012022-01-310001372612us-gaap:ConvertibleDebtMemberbox:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMember2024-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMembersrt:MaximumMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberus-gaap:SecuredOvernightFinancingRateSofrOvernightIndexSwapRateMember2023-02-012024-01-310001372612box:SeriesAConvertiblePreferredStockMember2023-02-012024-01-310001372612us-gaap:ConvertiblePreferredStockMember2023-02-012024-01-310001372612us-gaap:EmployeeStockOptionMember2021-02-012022-01-310001372612us-gaap:StateAndLocalJurisdictionMember2024-01-310001372612us-gaap:ComputerEquipmentMember2023-01-310001372612us-gaap:USTreasurySecuritiesMember2023-01-310001372612us-gaap:DevelopedTechnologyRightsMember2024-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2023-02-012024-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612us-gaap:CommonClassAMember2023-02-012024-01-310001372612us-gaap:ConstructionInProgressMember2024-01-310001372612us-gaap:DomesticCountryMember2024-01-310001372612box:ShareRepurchasePlanMemberus-gaap:CommonClassAMember2022-02-012023-01-310001372612us-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMembersrt:MinimumMember2023-06-300001372612us-gaap:SellingAndMarketingExpenseMember2023-02-012024-01-310001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2023-01-310001372612us-gaap:AdditionalPaidInCapitalMember2021-02-012022-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMember2023-02-012024-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2022-01-310001372612us-gaap:AdditionalPaidInCapitalMember2022-01-310001372612country:GB2023-11-012024-01-310001372612box:TwentyFifteenEquityIncentivePlanMemberus-gaap:CommonClassAMember2024-01-310001372612box:KKRCreditAdvisorsUSLLCMemberus-gaap:SeriesAPreferredStockMember2021-04-072021-04-070001372612us-gaap:CustomerConcentrationRiskMemberus-gaap:SalesRevenueNetMember2022-02-012023-01-310001372612us-gaap:CommonClassAMember2024-01-310001372612us-gaap:ConvertiblePreferredStockMember2024-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2021-02-012022-01-310001372612us-gaap:SecuredDebtMemberus-gaap:LetterOfCreditMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-06-300001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2024-01-310001372612us-gaap:CreditConcentrationRiskMemberus-gaap:AccountsReceivableMember2022-02-012023-01-310001372612box:SeriesAConvertiblePreferredStockMemberbox:KKRCreditAdvisorsUSLLCMember2021-04-070001372612us-gaap:CreditConcentrationRiskMemberbox:SignificantCustomerMemberus-gaap:AccountsReceivableMember2022-02-012023-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberus-gaap:SecuredOvernightFinancingRateSofrOvernightIndexSwapRateMembersrt:MinimumMember2023-02-012024-01-310001372612box:CapitalizationRequirementInCurrentYearMember2023-01-310001372612us-gaap:ForeignCountryMember2024-01-310001372612box:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberus-gaap:ConvertibleDebtMember2023-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-06-300001372612us-gaap:StateAndLocalJurisdictionMember2023-02-012024-01-310001372612box:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberus-gaap:ConvertibleDebtMember2021-06-302021-06-300001372612us-gaap:CommonClassAMemberus-gaap:CommonStockMember2021-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2023-01-3100013726122023-01-310001372612us-gaap:ConstructionInProgressMember2023-01-310001372612box:ZeroPointZeroPercentConvertibleNotesDueTwoThousandTwentySixMemberus-gaap:SeniorNotesMember2021-01-012021-01-310001372612box:ShareRepurchasePlanMemberus-gaap:SubsequentEventMember2024-03-040001372612us-gaap:SoftwareDevelopmentMember2023-02-012024-01-310001372612us-gaap:SoftwareDevelopmentMember2023-01-310001372612us-gaap:ConvertiblePreferredStockMember2022-01-310001372612us-gaap:RetainedEarningsMember2021-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMembersrt:MinimumMember2022-02-012023-01-310001372612us-gaap:LeaseholdImprovementsMember2023-01-310001372612us-gaap:RetainedEarningsMember2022-02-012023-01-310001372612us-gaap:ConvertiblePreferredStockMember2022-02-012023-01-310001372612us-gaap:TechnologyEquipmentMember2023-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMember2022-02-012023-01-310001372612us-gaap:ComputerEquipmentMember2024-01-3100013726122024-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-02-012022-01-310001372612us-gaap:EmployeeStockMember2023-02-012024-01-3100013726122021-01-310001372612box:ZeroPointZeroPercentConvertibleNotesDueTwoThousandTwentySixMemberus-gaap:SeniorNotesMember2021-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMember2020-02-012021-01-310001372612us-gaap:ConvertibleDebtMemberbox:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMemberbox:DebtInstrumentConvertibleTermsOfConversionFeatureCircumstancesOneMember2023-02-012024-01-310001372612us-gaap:SecuredDebtMemberus-gaap:LetterOfCreditMemberbox:WellsFargoBankMemberbox:NovemberTwoThousandSeventeenFacilityMember2023-01-310001372612us-gaap:MoneyMarketFundsMember2023-01-310001372612us-gaap:AdditionalPaidInCapitalMember2023-01-310001372612box:TwentyFifteenEquityIncentivePlanMemberus-gaap:ShareBasedCompensationAwardTrancheThreeMemberus-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMembersrt:MaximumMemberus-gaap:PrimeRateMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMember2023-02-012024-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2022-02-012023-01-310001372612us-gaap:SoftwareDevelopmentMember2024-01-310001372612box:FifthAnniversaryOfClosingDateMemberus-gaap:SeriesAPreferredStockMember2021-04-072021-04-070001372612us-gaap:CommonClassAMemberbox:TwentyFifteenEmployeeStockPurchasePlanMember2024-01-310001372612us-gaap:ConvertibleDebtMemberbox:ZeroPointZeroZeroPercentConvertibleSeniorNotesDueJanuaryFifteenTwoThousandTwentySixMember2021-06-300001372612us-gaap:ForeignGovernmentDebtSecuritiesMember2024-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberus-gaap:PrimeRateMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMembersrt:MinimumMember2023-02-012024-01-310001372612srt:CumulativeEffectPeriodOfAdoptionAdjustmentMemberus-gaap:AccountingStandardsUpdate202006Member2021-01-3100013726122022-01-310001372612us-gaap:ShareBasedCompensationAwardTrancheOneMemberbox:TwentyFifteenEquityIncentivePlanMemberus-gaap:RestrictedStockUnitsRSUMember2023-02-012024-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMember2024-01-310001372612us-gaap:EmployeeStockMember2022-02-012023-01-310001372612us-gaap:AccumulatedOtherComprehensiveIncomeMember2021-01-310001372612us-gaap:FurnitureAndFixturesMember2024-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMember2021-02-012022-01-310001372612us-gaap:RestrictedStockUnitsRSUMember2024-01-310001372612box:SeriesAConvertiblePreferredStockMemberbox:KKRCreditAdvisorsUSLLCMember2021-05-122021-05-120001372612us-gaap:AdditionalPaidInCapitalMember2024-01-310001372612box:ShareRepurchasePlanMemberus-gaap:CommonClassAMember2023-02-012024-01-310001372612box:TwentyFifteenEmployeeStockPurchasePlanMembersrt:MinimumMember2020-02-012021-01-3100013726122021-02-012022-01-310001372612us-gaap:RevolvingCreditFacilityMemberus-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:NovemberTwoThousandSeventeenFacilityMember2017-11-262017-11-270001372612country:JPus-gaap:SalesRevenueNetMemberus-gaap:GeographicConcentrationRiskMember2022-02-012023-01-310001372612us-gaap:ResearchAndDevelopmentExpenseMember2022-02-012023-01-310001372612us-gaap:SecuredDebtMemberbox:WellsFargoBankMemberbox:JuneTwoThousandTwentyThreeFacilityMemberbox:DebtInstrumentConvertibleTermsOfConversionFeatureCircumstancesTwoMember2023-06-012023-06-30iso4217:USDxbrli:sharesbox:Sourcebox:Leasebox:Segmentxbrli:purexbrli:sharesbox:TradingDayiso4217:USD

 

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

FORM 10-K

 

(Mark One)

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended January 31, 2024

OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

FOR THE TRANSITION PERIOD FROM TO

Commission File Number 001-36805

 

Box, Inc.

(Exact name of registrant as specified in its Charter)

 

Delaware

 

20-2714444

(State or other jurisdiction of

incorporation or organization)

 

(I.R.S. Employer

Identification No.)

900 Jefferson Ave.

Redwood City, California 94063

(Address of principal executive offices and Zip Code)

(877) 729-4269

(Registrant’s telephone number, including area code)

 

Securities registered pursuant to Section 12(b) of the Act:

 

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Class A Common Stock, $0.0001 par value
per share

BOX

New York Stock Exchange

Securities registered pursuant to Section 12(g) of the Act: None

 

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. YesNo

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act (the Exchange Act). YesNo

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Exchange Act during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. YesNo

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). YesNo

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

 

Large accelerated filer

Accelerated filer

Non-accelerated filer

Smaller reporting company

 

 

Emerging growth company

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.

If securities are registered pursuant to Section 12(b) of the Exchange Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements.

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant's executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). YES ☐ NO

The aggregate market value of the voting and non-voting common equity held by non-affiliates of the registrant, based on the closing price of a share of the registrant’s Class A common stock on July 31, 2023 as reported by the New York Stock Exchange on such date was approximately $4.3 billion. Shares of the registrant’s Class A common stock held by each executive officer and director of the registrant have been excluded in that such persons may be deemed to be affiliates. This calculation does not reflect a determination that certain persons are affiliates of the registrant for any other purpose.

As of February 29, 2024, the number of shares of the registrant’s Class A common stock outstanding was 144,353,060.

Portions of the registrant’s Definitive Proxy Statement relating to the Annual Meeting of Stockholders are incorporated by reference into Part III of this Annual Report on Form 10-K where indicated. Such Definitive Proxy Statement will be filed with the Securities and Exchange Commission within 120 days after the end of the registrant’s fiscal year ended January 31, 2024.

 

 

 


 

Box, Inc.

Annual Report on Form 10-K

For the Fiscal Year Ended January 31, 2024

TABLE OF CONTENTS

 

 

 

Page

 

 

 

 

 

 

PART I

 

 

 

 

 

 

Item 1.

 

Business

 

5

Item 1A.

 

Risk Factors

 

17

Item 1B.

 

Unresolved Staff Comments

 

46

Item 1C.

 

Cybersecurity

 

46

Item 2.

 

Properties

 

47

Item 3.

 

Legal Proceedings

 

47

Item 4.

 

Mine Safety Disclosures

 

47

 

 

 

 

 

 

PART II

 

 

 

 

 

 

 

Item 5.

 

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

 

48

Item 6.

 

Reserved

 

50

Item 7.

 

Management’s Discussion and Analysis of Financial Condition and Results of Operations

 

51

Item 7A.

 

Quantitative and Qualitative Disclosures About Market Risk

 

67

Item 8.

 

Financial Statements and Supplementary Data

 

68

Item 9.

 

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

 

100

Item 9A.

 

Controls and Procedures

 

100

Item 9B.

 

Other Information

 

100

Item 9C.

 

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

 

100

 

 

 

 

 

 

PART III

 

 

 

 

 

 

 

Item 10.

 

Directors, Executive Officers and Corporate Governance

 

101

Item 11.

 

Executive Compensation

 

101

Item 12.

 

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

 

101

Item 13.

 

Certain Relationships and Related Transactions, and Director Independence

 

101

Item 14.

 

Principal Accountant Fees and Services

 

101

 

 

 

 

 

 

PART IV

 

 

 

 

 

 

Item 15.

 

Exhibits, Financial Statement Schedules

 

102

Item 16

 

Form 10-K Summary

 

102

 

Signatures

 

107

 

2


 

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “could,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:

our future financial and operating results; including expectations regarding revenue, deferred revenue, billings, remaining performance obligations, gross margins, operating income, and net retention rate;
our ability to maintain an adequate rate of revenue and billings growth and our expectations regarding such growth;
our market opportunity, business plan and ability to effectively manage our growth;
the effects of global economic conditions on our business and the impact of foreign exchange rates on our business;
our ability to maintain profitability and expand or maintain positive cash flow;
our ability to achieve our long-term and short-term gross and operating margin objectives;
our ability to grow our remaining performance obligations;
our expectations regarding our revenue mix;
our ability to maintain, protect and enhance our brand and intellectual property;
costs associated with defending intellectual property infringement and other claims and the frequency of such claims;
our ability to attract and retain end-customers;
our ability to further penetrate our existing customer base and expand their use of our services;
our ability to displace existing products in established markets;
our expectations regarding timing of new products, product bundles and features;
our ability to expand our leadership position as a cloud content management platform;
our ability to timely and effectively scale and adapt our new and existing technology;
our ability to innovate new products and features and bring them to market in a timely manner and the expected benefits to customers and potential customers of our products;
our investment strategy, including our plans to further invest in our business, including investment in research and development, sales and marketing, public cloud hosting and our professional services organization, and our ability to effectively manage such investments;
our ability to expand internationally;
expectations about competition and its effect in our market and our ability to compete;
use of financial measures not calculated in accordance with accounting principles generally accepted in the United States (GAAP);
our belief regarding the sufficiency of our cash, cash equivalents and our credit facilities to meet our working capital and capital expenditure needs for at least the next 12 months;

3


 

our expectations concerning relationships with third parties and our ability to realize the anticipated benefits therefrom;
our ability to attract and retain qualified employees and key personnel;
the effects of new laws, policies, taxes and regulations on our business;
management’s plans, beliefs and objectives, including the importance of our brand and culture on our business;
acquisitions of or investments in complementary companies, products, services or technologies and our ability to successfully integrate such companies or assets; and
any potential repurchase of our Class A common stock.

These forward-looking statements are subject to a number of risks, uncertainties and assumptions, including those described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements.

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that the future results, levels of activity, performance or events and circumstances reflected in the forward-looking statements will be achieved or occur. Moreover, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements. We undertake no obligation to update publicly any forward-looking statements for any reason after the date of this Annual Report on Form 10-K to conform these statements to actual results or to changes in our expectations, except as required by law.

You should read this Annual Report on Form 10-K and the documents that we reference in this Annual Report on Form 10-K and have filed with the Securities and Exchange Commission (SEC) as exhibits to this Annual Report on Form 10-K with the understanding that our actual future results, levels of activity, performance, and events and circumstances may be materially different from what we expect.

 

4


 

PART I

Item 1. BUSINESS

Overview

Box is the Content Cloud: a secure and intelligent content platform. Box gives organizations a single platform for their unstructured data – which typically represents about 90% of all data within an organization. This data is content – from blueprints to wireframes, videos to documents, proprietary formats to PDFs – and it is the source of an organization’s unique value. The Box Content Cloud enables our customers to securely manage the entire content lifecycle, from the moment a file is created or ingested to when it is shared, edited, published, approved, signed, classified, and retained. Box keeps content secure and compliant, while also allowing easy access and sharing of this content from anywhere, on any device – both within the organization and with external partners.

With our Software-as-a-Service (SaaS) platform, users can work with their content as they need – from secure external collaboration and sharing, to workspaces and portals, to e-signature processes and content workflows – improving employee productivity and accelerating business processes. IT teams can establish a space for compliant content management, and developers can easily create customized portals for white-labeled content collaboration. Administrators have a plethora of security, data protection, and compliance features they can activate to provide users with a better way meet legal and regulatory requirements, internal policies, and industry standards and regulations. The Box platform enables a broad range of high-value business use cases – and integrates with more than 1,500 leading business applications. With hundreds of file formats and media types supported, Box is compatible with multiple application environments, operating systems, and devices – ensuring that workers can securely access their critical business content whenever and wherever they need it.

Our go-to-market strategy includes selling the entire platform to an organization with the full set of Box capabilities. During that sales process, we partner with IT decision makers (including CEOs, CIOs, CISOs, and IT Directors), as well as departmental and line of business leaders, to identify their content-oriented pain points. From there, we work together to create joint success plans that define the path to Box implementations that meet the needs of the organization, including through the sale of our own consulting services, and in conjunction with partners. Between close partnerships with IT and end-user-driven bottoms-up adoption, we work with our customers to identify future opportunities for more automation and protection within the Box platform.

We focus our efforts on larger enterprises, capitalize on international growth in key regions, and utilize our partner ecosystem where most advantageous. In addition to our high-touch enterprise work, we field inbound inquiries and online sales opportunities. We further expand our market reach by leveraging our network of channel partners that include both value-added resellers and systems integrators. Additionally, we offer individuals a free version of Box that allows them to experience first-hand our easy-to-use and secure solution. Use of Box often spreads virally within and across organizations, as users adopt Box and invite new users to collaborate. This motion will often lead to an initial sale with an organization to unite their various users into an enterprise-governed implementation, and from there we continue our aforementioned high-touch sales efforts, with a focus on use case expansion. Ultimately, our sales strategy is focused on ensuring that new and existing customers both understand and experience the transformative impact of Box.

We have a rich technology partner ecosystem, offering integrations with partners such as Adobe, Apple, Cisco, Google, IBM, Microsoft, Okta, Oracle-NetSuite, Palo Alto Networks, Salesforce, ServiceNow, Slack, USDM, and Zoom. This gives our users seamless and secure access to their content across all their workflows and applications. In addition, in-house enterprise developers and independent software developers can use our developer platform and open application programming interfaces (APIs) to rapidly build and provision new applications that leverage and extend the core functionality of our services, increasingly with a focus on specific industries and vertical market use cases. To date, tens of thousands of third-party developers have leveraged our platform as the secure content layer for their applications.
 

5


 

We are committed to powering how the world does more good together. Founded in 2014, Box.org serves over 11,000 nonprofits globally with donated or discounted Box product, employee volunteer hours and grants from the Box Impact Fund. Box.org focuses on areas where Box is uniquely positioned to make an impact, including child welfare, crisis response and the environment.

The Box Solution

We offer web, mobile and desktop applications for the Content Cloud on a single platform, as well as the ability to develop custom applications. Four core capabilities differentiate Box from competitors: advanced data protection and compliance, modern workflow and collaboration experiences, a flexible and interoperable platform, and integration with advanced artificial intelligence (AI) models. Box features and functionality include the following:

Advanced Data Protection and Compliance

Global Cloud Architecture. We have built our platform from the ground up on a cloud-based architecture, which enables us to rapidly develop, update and provision our services to users. Our proprietary cloud architecture is particularly well-suited for today’s dynamically changing business requirements because it enables use of the most up-to-date versions of our solutions at all times and administrators to immediately apply changes in policies and controls across all their organization’s critical content simultaneously. Our modern cloud infrastructure also powers global scalability and reliability with minimal downtime for our customers, ensuring their business-critical content is always secure, compliant, and available.
Enterprise-Grade Security. We have invested heavily to build robust, frictionless security features to protect our customers from the most pervasive security threats. At the most basic level, all files stored in Box are encrypted at rest and in transit. Box’s information rights management features enable secure access and management of files by providing granular control over users’ ability to access, view, download, edit, print or share content. Box also provides security controls such as multi-factor authentication that ensure user identity when allowing access to content, as well as endpoint security tools to restrict access to only properly vetted devices. With Box KeySafe, organizations can implement higher levels of data security and protection by keeping control of the encryption keys that protect their content. This advanced encryption feature is valuable to many organizations, including those in highly regulated industries such as financial services, health care, government and legal.
Intelligent Threat Detection and Smart Access with Box Shield. Box Shield provides granular, near real-time threat detection and protection capabilities. Box Shield leverages advanced machine learning to scan files for sophisticated malware (including ransomware) and identify suspicious user behavior to detect and prevent threats before they become data breaches. Box Shield reduces the risk of accidental data leakage through native security classifications and granular access controls, and can automatically apply classification to content by identifying predefined attributes or personal identifiable information.
Comprehensive Data Governance Strategy. Box serves as a secure, centralized system of record for retaining content for operational use while supporting adherence to applicable laws and regulations. Box Governance allows administrators to manage the lifecycle of content and has robust integrations with leading eDiscovery vendors. Box Governance allows customers to create and manage retention policies with an automated disposition action to meet an enterprise's specific business needs and maintain compliance. With Box Governance, organizations can apply legal holds to preserve content and protect content from being deleted, helping customers to reduce legal risk.
Box Zones for In-Region Data Storage. Box Zones enables businesses around the globe to adopt Box as their modern content management platform by letting them store and manage their content locally in certain regions. This helps organizations address region-specific compliance mandates associated with data residency and privacy. 
Content Migration. Box makes it easy for organizations to move their existing data to Box, no matter where it is currently stored. Box Shuttle is our content migration tool, which enables petabyte-scale content migration from numerous source systems, including file servers, cloud sharing tools, and

6


 

content management systems. Organizations can perform a full migration entirely within Box while leveraging advanced features such as in-depth analysis of existing data on third-party systems, migration simulations to verify configuration and mapping, retention of content features such as permissions and version history, and robust during- and post-migration analysis. For tailored migration needs, Box Consulting offers comprehensive migration services, from tool enablement to fully managed migrations – helping organizations get their content into Box.
Focus on Industry-Specific Capabilities. Box offers solutions for industry-specific content needs, especially in industries that have more complex content, compliance, and collaboration challenges. Box works to target specific business problems within these industries with a combination of Box and industry partner technologies such as industry-specific tools like Guidewire's insurance platform and horizontal tools like Salesforce's customer relationship management platform. Our platform can be configured to meet strict industry compliance requirements like Federal Risk and Authorization Management Program (FedRAMP), Financial Industry Regulatory Authority (FINRA), GxP, Health Insurance Portability and Accountability Act (HIPAA), State Risk and Authorization Management (StateRAMP), and more. We offer implementation services through Box Consulting as well as key industry-oriented partners. Some of the key industries we serve include life sciences, financial services, retail and consumer packaged goods, and public sectors.
Enterprise Administrative Controls. We give IT administrators powerful enterprise-grade tools and automations to securely define access rights and permissions by users and groups, content type, devices, and business needs. Administrators can set specific content policies and restrictions, such as access by external groups, expiration dates to auto-delete files or deactivate links to time-sensitive materials.
Reporting and Insights. All internal and external user activity and content interactions in Box can be tracked and is auditable by our customers’ authorized administrators through the Box Admin Console and via APIs, providing visibility into how enterprise content is being accessed, used, and shared across the content lifecycle. Administrators gain insights with easy-to-use dashboards, visualizations and calls to action for monitoring, reporting and mitigating risk.
Simple and Rapid Deployment. Our cloud-based software allows organizations to deploy our products and native integrations easily, quickly, and cost effectively. IT administrators can quickly add users and groups, set up permissions, migrate content, create folders and policies, and begin using our products almost immediately without the need to procure and provision hardware or install and configure software.

To give our customers the flexibility to choose between à la carte and bundled subscription options, we offer Box Shield, Box Governance, Box KeySafe, and Box Zones both as standalone add-ons and as part of our bundled Enterprise Plus plan.

Modern Workflow and Collaboration Experiences

Internal and External Collaboration. Box offers a core native collaboration experience enabling users to securely share, preview and annotate files in Box from anywhere, on any device. Box has two primary ways to share files, by inviting collaborators and choosing between seven permission levels for their shared files and folders and by leveraging secure shared links with access permissions. With Box Shield, users can assign access restrictions with Smart Access controls such as download and print restrictions, based on the classification of the document, and admins can set expiration dates for shared links. Box also has over 1,500 pre-built integrations, including Microsoft 365 (Office, Outlook), Microsoft Teams, Google Workspace, and Apple iWork, so that users can work together on a platform of their choice while managing content security and access permissions within Box.
Real-Time Collaboration, Content Authoring and Coauthoring. Our native content authoring tool, Box Notes, enables users to seamlessly share and collaborate in real time with internal teams and external partners. Box Notes combines lightweight word processing functionality with easy-to-use tables, content organization, and commenting features to make it simple for users to work together on projects in real time. Our pre-built integrations with Microsoft 365 and Google Workspace allow users to preview, open, create new, and co-author on content in real-time in the application of their choice.

7


 

Intelligent Portals. We recently announced Box Hubs, which enables users to securely curate and publish content in centralized portals that can be shared across the organization – without needing IT or administrator resources. All content published in a Hub retains Box’s enterprise-grade security, governance, and compliance capabilities, so that content is only made available to its intended audience.
Whiteboarding and Visual Collaboration. Box Canvas, our native visual collaboration and white boarding tool, brings working together to life with new ways to connect, innovate, and share securely. Box Canvas offers a flexible, virtual environment where users can ideate, brainstorm and collaborate visually directly in Box.
Content Insights. Content Insights shows how each piece of content is being used, who is using it, and when it is being accessed. With easy-to-understand visualizations and the ability to filter and drill down to see performance over time, Content Insights provides users with a clear picture of content performance and gives them granular information needed to make data-driven decisions.
 
Mobility. With the Box Mobile application, users can securely access, manage, and share their content anytime and from anywhere, through native and web browser applications using nearly any device and a variety of operating systems, such as iOS and Android. Our mobile applications empower users to preview, comment, annotate, and collaborate on content from anywhere, and they make it easy to add content to Box with native scanning, uploading, and classification. With the Box for Vision Pro application, users can view and collaborate on media and 3D content using the Apple Vision Pro’s spatial computing workspace.
Elegant, Intuitive and User-Centric Interface. We have designed an intuitive user experience that minimizes or eliminates the need for upfront training. Our focus on a simple and elegant interface, coupled with compelling access, sharing, and collaboration features, aims to foster rapid adoption and user engagement.
Handle Content of Nearly Any Type. Users can securely access, share, and collaborate on content, from virtually any device or operating system, across a wide-range of formats and file types, including large media files.
Electronic Signatures. Box Sign, our natively integrated e-signature capability, provides organizations with secure, seamless e-signature workflows, such as signing contracts, employment offers, or statements of work, right where their content lives – with enterprise-grade security, privacy, and compliance built in. Box Sign provides a seamless signer and sender experience across web and mobile devices, with flexible template options, support for more than 20 languages, and additional security features such as signer authentication and password protection. Our native integration with Box Sign empowers customers to leverage its functionalities alongside Box Shield and Box Relay. Customers can deploy Shield's access policies to restrict signature requests to authorized users. They can also use Relay to streamline and automate post-signature workflows. We also offer APIs that allows organizations to power e-signatures in their custom integrations and applications, as well as integrations with tools like Appian, Certa, Form.io, Jotform, mxHERO, Reva (ServiceNow), Revv, Salesforce, Slack Workflows, UiPath, VersaFile docuflow (SAP), and Workato to embed e-signature workflows in common business processes. For life sciences customers, Box Sign (as part of Box GxP Validation) supports compliance with 21 CFR Part 11 regulation for electronic signatures to address FDA-regulated use cases.
Automation and Workflow Management. Box Relay, our no-code process automation tool for content-centric workflows, enables users to build process automations in Box in a matter of minutes without writing code. Box Relay provides for more than 75 triggers and outcomes that enable a wide variety of file, folder, task, or metadata actions such as routing documents to specific folders, assigning tasks to individuals or teams, securing documents with watermarking and security classifications, dynamically naming files and folders at runtime, and managing metadata. This includes automating the processing of files submitted via our File Request capability which enables users to source files easily and securely from anywhere. In addition, we provide a library of pre-built Box Relay workflow templates for users to get started quickly, and reporting capabilities to make it easy for users to track and manage their own workflows. Plus, Box Relay integrates with Box Shield to automatically secure content and with Box Sign to automate post-signature workflows.

8


 

A Flexible and Interoperable Platform

Pre-Built Integrations with Best-of-Breed Applications. Box provides a unified and secure content layer across the enterprise technology stack. We offer more than 1,500 pre-built integrations with leading enterprise technology providers, including Adobe, Apple, Cisco, Google, IBM, Microsoft, Okta, Oracle-NetSuite, Salesforce, ServiceNow, Slack, USDM, and Zoom. Our integrations offer seamless interoperability that boosts user productivity and maintains enterprise security, privacy and compliance policies. To make the entire enterprise ecosystem more secure, we continue to add or enhance integrations within our Box Trust Partner Program. We also have a developer platform, a developer community, and robust set of APIs that provide organizations with the ability to build custom integrations and solution applications on Box.
Box Platform. We provide a content Platform-as-a-Service (PaaS) product, known as Box Platform, which allows IT teams and third-party developers to extend the power of Box across their applications and build custom content experiences. With our easy-to-use APIs, businesses can create a single source of truth for their content, allowing IT teams to deploy key business applications while easily managing how content is accessed, collaborated on, and secured. Coupled with our robust developer tools, the Box Platform enables organizations to build applications faster, without having to invest in building their own content management infrastructure. We also give organizations the ability to extend our Box AI capabilities to power their third-party and customer applications, empowering even more industry and departmental use cases.

Integration with Advanced AI Models

AI Platform. Box AI is an AI content platform that natively integrates advanced AI models into the Box platform, enhancing how users work across the entire content journey, including collaboration, content generation, and content curation – all while maintaining the enterprise-grade security, compliance, and privacy of Box.
Security and Privacy. Box remains committed to complying with privacy, security, and applicable regulations by prioritizing the continued protection of both user and enterprise data. To ensure that all content processed by our AI systems remains secure and confidential, encryption and data-security best practices are used to safeguard customer data. Box does not train AI models with customer content without the customer’s explicit authorization. Box also does not allow any partners or third parties to use customer data to train their models.
User Controls. Enterprises are in full control of AI usage. Administrators can turn Box AI on and off as well as choose which user groups get access to Box AI. Box AI is governed by Box’s built-in permissions and is designed to keep customers in control of their data so that users can only see and interact with the files and content they are allowed to access.
Reporting. Enterprises that use Box AI have access to usage reporting from the Admin Console, such as who in the organization has used Box AI, and how many AI queries have been used in the organization.
Model Neutrality. Box AI is platform-neutral, consistent with the Box platform, and is powered by AI models from various AI vendors to provide the best user experience for Box customers. To date, Box has announced partnerships with Azure OpenAI and Google. In the future, we plan to enable customers to “bring your own model,” or BYOM, should they choose not to leverage default models.
Intelligent Documents. With Box AI for Documents, users can ask questions about a document they are viewing and uncover key findings or summarize complex topics, such as generating insights from a report. With the provided answers, users can also view citations and audit the source of the AI-generated statement.
AI for Real-Time Collaboration. Box AI for Notes helps to increase productivity further, and users will be able to create content from scratch, generate new material from existing information, or refine drafted material.

9


 

Intelligent Portals. Box Hubs, a portal for secure content creation and publishing – without needing IT or an administrator – will soon also be available with Box AI. Customers will be able to query multiple documents that are organized in a Hub – to quickly find answers, automatically summarize vast amounts of information, and effortlessly create new content. All content published in a Hub will retain Box’s enterprise-grade security, governance, and compliance capabilities, so that content is only made available to its intended audience.
AI APIs. We plan to launch Box AI APIs that will allow organizations to extend Box AI capabilities to power their third-party and custom applications, while maintaining the same enterprise-grade security, compliance, and privacy of Box. Box AI APIs will provide additional flexibility to customers by bringing AI to their existing applications, empowering even more industry and departmental use cases.

Customers

As of January 31, 2024, we had over 100,000 paying organizations, and our solution was offered in 25 languages. We define paying organizations as separate and distinct buying entities, such as a company, an educational or government institution, or a distinct business unit of a large corporation, that have entered into a subscription agreement with us to utilize our services. Organizations typically purchase our solution in the following ways: (i) employees in one or more small groups within the organization may individually purchase our service; (ii) organizations may purchase IT-sponsored, enterprise-level agreements with deployments for specific, targeted use cases ranging from tens to thousands of user seats; (iii) organizations may purchase IT-sponsored, enterprise-level agreements where the number of user seats sold is intended to accommodate and enable nearly all information workers within the organization in whatever use cases they desire to adopt over the term of the subscription; and (iv) organizations may purchase our Box Platform service to create custom business applications for their internal use and extended ecosystem of customers, suppliers and partners.

We have developed several programs designed to provide customers with service options to quickly get them up and running and enhance their usage of Box. These services include 24x7 support provided by our Customer Success Management group and certain resellers; a professional services ecosystem that consists of our Box Consulting team and system integrators that help customers implement cloud content management oriented use cases; a Customer Success Management group to assist customers in production; and an online community with self-service training materials, best practice guides and product documentation.

No customer represented 10% or more of our revenue in the year ended January 31, 2024. Our geographic revenue and segment information is set forth in Notes 2 and 14, respectively, of our Notes to Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K.

Sales and Marketing

We offer our solution to customers as a subscription-based service, with subscription fees based on customer requirements, including the number of users and functionality deployed. The majority of our customers subscribe to our service through one-year contracts, although we also offer our services for terms ranging from one month to three years or more. We typically invoice our customers at the beginning of the contract term, in multi-year, annual, quarterly or monthly installments. We recognize revenue as we satisfy our performance obligations. Accordingly, due to our subscription model, we recognize revenue for our subscription and premier services ratably over the term of the contract.

We employ a direct sales team to offer a higher touch experience. We also make it easy for users and organizations to subscribe to paid versions of our service on our self-service web portal. Our sales team is composed of inside sales, outbound sales and field sales personnel who are generally organized by account size and geography, and/or major industry focus. We also have a rich ecosystem of channel partners who expand our reach to both large and small enterprises.

10


 

We generate customer leads, accelerate sales opportunities and build brand awareness through our marketing programs and through our strategic relationships. Our marketing programs target senior IT leaders, technology professionals and senior line of business leaders.

As a core part of our strategy, we have developed an ecosystem of partners to both broaden and complement our application offerings and to provide a broad array of services that fall outside of Box’s areas of focus. These relationships include software and technology partners, as well as consulting and implementation services providers that enable Box to address a broader set of use cases for our customers.

Sales and marketing expenses were $348.6 million, $331.4 million and $298.6 million for the years ended January 31, 2024, 2023 and 2022, respectively.

Research and Development

Our ability to compete depends in large part on our continuous commitment to product development and our ability to rapidly introduce new applications, technologies, features and functionality. In simple conceptual form, we provide a single, secure, easy-to-use platform built for the entire content lifecycle. In practice, we develop and maintain a set of sophisticated software services (e.g., search, share, secure, convert/view, logging) around content. These services, which comprise our platform, are used to develop our own applications (e.g., sync, desktop, web, native mobile) and also support the development of third-party applications.

Our product development organization is responsible for the specification, design, development and testing of our platform and applications. We focus our efforts on providing a platform that accelerates business processes, improves employee productivity, enables secure remote work, and protects an organization’s most valuable data. We strive to continually improve our applications so that they help users and teams become more productive in their day-to-day work.

Research and development expenses were $248.8 million, $243.5 million and $218.5 million for the years ended January 31, 2024, 2023 and 2022, respectively.

Competition

The content management market is large, highly competitive and highly fragmented. It is subject to rapidly evolving technology, shifting customer needs and frequent introductions of new products and services. We face competition from a broad spectrum of technology providers: traditional content management vendors who deploy on-premise and offer deep records management, business process workflow, and archival capabilities; newer mobile enterprise vendors who are beginning to enter the content collaboration market; vendors whose core competency is simple file sync and share, which can be deployed on-premises, hybrid, or via a SaaS delivery model; and social collaboration vendors who focus on the conversations that occur between teams. With our expanded product offerings and use cases, we also now compete with companies in the e-signature, content collaboration, workflow automation, and security and governance markets. Our primary competitors in the content management market include, but are not limited to, Microsoft (SharePoint) and OpenText (Documentum). In the enterprise file sync and share market, our primary competitors include, but are not limited to, Microsoft (OneDrive), Google (Drive) and, to a lesser extent, Dropbox.

We may face future competition in our markets from other large, established companies, as well as from smaller specialized companies. In addition, we expect continued consolidation in our industry which could adversely alter the competitive dynamics of our markets including both pricing and our ability to compete successfully for customers.

The principal competitive factors in our market include:

enterprise-grade security and compliance;
scalability of product and infrastructure for large deployments;
ability to store content in multiple geographic locations;

11


 

speed, availability, and reliability of the service;
low-cost, quick deployment;
agnostic to device, operating system, and file type;
ease of user experience;
customer-centric product development;
current and forward-thinking product development;
automation and workflow management;
depth of integration into enterprise applications, including office productivity, desktop and mobile tools;
rich ecosystem of channel partners and applications;
open, extensible platform and APIs for custom application development;
intelligent content management including metadata capabilities;
superior customer service and commitment to customer success;
strength of professional services organization; and
self-service content migration tools.

We believe that we compete favorably on the basis of these factors, primarily because of our industry-leading security and compliance, cloud-native approach to real-time, internal and external collaboration, integrations and open platform. Our ability to remain competitive will depend to a great extent upon our ongoing performance in the areas of product development, core technical innovation, platform and partner ecosystem, and customer support. In addition, many of our competitors may have greater name recognition, longer operating histories, larger marketing budgets, significantly greater resources and established relationships with our partners and customers, which can give them advantageous positioning for their products despite other competitive merits of respective product features and functionality. Some competitors may be able to devote greater resources to the development, promotion and sale of their products than we can to ours, which could allow them to respond more quickly than we can to new technologies and changes in customer needs.

Intellectual Property

We rely on a combination of trade secrets, patents, copyrights and trademarks, as well as contractual protections, to establish and protect our intellectual property rights. As of January 31, 2024, our patents were set to expire between 2028 and 2042. We intend to pursue additional patent protection to the extent that we believe it would be beneficial and cost effective.

We require our employees, contractors, consultants and other third parties to enter into confidentiality and proprietary rights agreements and control access to software, documentation and other proprietary information. Although we rely on the intellectual property rights and contractual protections described above, we believe that factors such as the technological and creative skills of our personnel, creation of new modules, features and functionality, and frequent enhancements to our applications are more essential to establishing and maintaining our technology leadership position.

Despite our efforts to protect our proprietary technology and our intellectual property rights, unauthorized parties may attempt to copy or obtain and use our technology to develop applications with the same functionality as our services. Policing unauthorized use of our technology and intellectual property rights on a global basis is difficult.

We expect that software and other applications in our industry may be subject to third-party infringement claims as the number of competitors grows and the functionality of applications in different industry segments overlaps. Any of these third parties might make a claim of infringement against us at any time.

12


 

Backlog

We generally sign annual and multi-year subscription contracts for our Content Cloud. The frequency of our invoices to each customer is negotiated and varies among our subscription contracts. We continued to focus on annual payment frequencies for multi-year contracts in the twelve months ended January 31, 2024. As a result, for multi-year contracts, we frequently invoice an initial amount at contract signing followed by subsequent annual invoices. Until amounts are invoiced, they are typically not recorded in deferred revenue, billings or elsewhere in our consolidated financial statements other than disclosed as part of remaining performance obligations. To the extent future invoicing is determined to be certain, we consider such future subscription invoices to be non-cancellable backlog, which is disclosed as part of remaining performance obligations. Future invoicing is determined to be certain when we have an executed non-cancellable contract or a significant penalty that is due upon cancellation. We had $720.9 million and $681.3 million of non-cancellable backlog as of January 31, 2024 and 2023, respectively. The increase of non-cancellable backlog as of January 31, 2024 was primarily driven by expansion within existing customers as they broadened their deployment of our product offerings and the conversion to multi-product Suites. The increase of non-cancellable backlog was also driven by the addition of new customers and the timing of customer-driven renewals. Non-cancellable backlog was partially offset by a negative impact from foreign currency exchange rates.

We expect that the amount of backlog relative to the total value of our contracts will change from year to year due to several factors, including the timing and duration of customer subscription agreements, varying price, volume, and invoicing cycles of subscription contracts, the timing of scheduled customer renewals, and foreign currency fluctuations. Accordingly, we believe that fluctuations in backlog are not always a reliable indicator of future revenue.

Human Capital Resources

Our company is built on people: we call them Boxers. They come from a range of backgrounds and experiences, and each of them has a unique story to tell. As of January 31, 2024, we employed 2,530 people. None of our employees are represented by a labor union. We have not experienced any work stoppages, and we consider our relations with our employees to be very good. In 2023, Box was recognized by Great Place to Work and Fortune magazine for several awards, including 100 Best Companies to Work For, Best Workplaces in Technology, and Best Workplaces for Parents.

Diversity, Equity and Inclusion (DEI)

At Box, our goal is to fully leverage and engage the individual talents and capabilities of our diverse teams, ultimately creating an inclusive environment where Boxers feel they belong and bring their (__ ) selves to work. We approach DEI through the following areas:

Culture: At Box, we prioritize creating an inclusive environment where everyone can thrive, regardless of their background or identity. We focus on fostering a sense of belonging through our Boxer Mindsets which promote behaviors that support inclusion for all Boxers. We also provide educational opportunities such as bias training, courses for people leaders on topics such as fostering psychologically safe environments, and allyship courses to equip Boxers with the tools they need to create healthy and supportive environments for all individuals.

Careers: We focus on ensuring that we are recruiting, developing and progressing a high performing workforce. We take great pride in celebrating our differences, and we hire the best talent from all backgrounds. We want to build teams that are diverse, with a broad representation of gender, ethnicity, sexual orientation, religion, backgrounds, and perspectives — among many other dimensions of diversity. Our recruiting team focuses on a variety of diverse pipeline partnerships such as Latinas In Tech and Hiring our Heroes to support diverse talent in our field. In addition, we focus on enabling initiatives and resources that mitigate biases in our hiring, development and progression processes. We also offer a global 1:1 mentoring program, which enhances talent across the company, providing our employees with the skills and tools needed to thrive.

Community: At Box, we have a dynamic array of employee resources communities (ERC) and interest communities, which support and develop members of diverse communities and their allies. Some of these

13


 

communities include Box Women’s Network, BoxVets, SomosBox, Pride and BoxAbilities – a newly developed community focused on neurodiversity, disability and accessibility. These global communities engage in community gatherings and developmental opportunities, amplifying the needs of diverse groups internally and externally.

Learning and Development

We want all of our employees to have thriving careers where they grow and develop in meaningful ways. There is no one-size-fits-all career path at Box, so we seek to ensure that every Boxer has the tools and support they need to drive their career. We do this by giving all Boxers access to learning and development opportunities based around individual needs to build skill sets and experience. These initiatives include:

Internal mobility: We acknowledge that career progression looks less like a ladder and more like a climbing wall. We stand behind the idea that enabling our employees to work cross-functionally and within different teams provides a broader perspective of Box that will allow them to succeed in the future.
LearnFest: LearnFest, our learning lineup for skill development and personal and professional growth, happens two times each year. During LearnFest, the entire company has focused time for trainings, workshops, and other learning events.
Professional coaching and external leadership development programs: We offer targeted professional coaching for all levels of our executive leadership team (i.e., director-level and above) as well as access to business education and networking programs such as The Leadership Consortium affiliated with Harvard Business School, Women’s Executive Leadership program through Stanford Business School and Advancing Women Executives.
On-Demand Learning: We offer all Boxers access to an on-demand learning platform so they can develop a wide variety of skills at a time and place of their choosing.

Pay Equity

We hold ourselves accountable, which is why we signed the California Equal Pay Pledge. As part of our commitment, we conduct an annual company-wide gender pay analysis to promote and measure equitable compensation across gender. In addition, we externally benchmark the compensation we provide for each role to ensure pay parity, and provide periodic pay equity updates to the Compensation Committee of our Board of Directors.

Boxer Experience Surveys

We survey employees once a year to ensure that everyone’s voice gets heard and we better understand the key areas where we can improve employee experience. These key areas include our experience with our managers, our ability to get work done, and our sense of belonging at work. Survey results are reviewed and become part of our action plans at all levels of the organization. Our People and Communities team incorporates survey feedback into our programs, policies, and the cultivated experiences that drive our culture. Our functional leaders leverage the feedback to drive annual plans across their teams to improve efficiency, establish communication channels, and reinforce behaviors aligned with our values. Finally, following each survey, managers discuss employee experience results with their team and form a plan to address issues that are identified in survey results.

Employee Health and Safety

The health and safety of our employees is one of our top priorities. We strive to create an environment where Boxers are physically and mentally safe and healthy. We offer a comprehensive health and wellness benefits package to all employees.

To promote the well-being of our employees, we provide "Fresh Air Days," offering a few paid days off each year in addition to our generous paid time off and holidays. We also offer meditation, free coaching and therapy

14


 

sessions for both employees and their dependents, sabbaticals for long-tenured employees, family support, and additional benefits tailored to meet everyones needs throughout their career.

Sustainability

At Box, we are committed to leveraging our cloud technology for sustainable operations. Recognizing the profound impact of climate change on the global economy, our company, and our stakeholders, we embrace our responsibility to safeguard the planet. Our journey toward sustainability is ongoing, driven by a commitment to understand our environmental footprint and enhance our positive impact.

Cloud Migration and Environmental Wins: A significant milestone in our sustainability journey is the completion of our multi-year infrastructure migration to the public cloud. This achievement positions us for ongoing environmental benefits, including reduced energy consumption and CO2 footprint.
Rating Partners: Our dedication to sustainability is evident in our participation in Environmental, Social, and Governance (ESG) questionnaires for organizations such as Carbon Disclosure Project, Ecovadis, and Institutional Shareholder Services, Inc.
Internal Policies: Internally, we have published a waste management policy, serving as a cornerstone of our future broader environmental strategy.
Sustainable Offices: Our office buildings worldwide have received a number of certifications, including:
BREEAM Certification in London and Warsaw.
Energy Star Certified in Austin.
Fitwel Certification in Redwood City and San Francisco.
LEED Gold Certification in Redwood City, San Francisco, and Austin.
LEED Silver Certification in New York.
WELL Building Institute Gold Standard in Warsaw.
WELL Health Safety Rated in Chicago and Warsaw.
100% Renewable Electricity in Tokyo.
Employee Engagement and Support: We continue to support our Boxers with internal events focused on sustainability, engaging both remote and office-based employees throughout the year. Event highlights include beach and community clean-ups, tree plantings, clothing swaps, and tech donation drives. Our commitment to sustainability extends beyond operations and permeates our corporate culture, involving every member of the Box community in our collective efforts toward a greener future.

Corporate Information

Our website address is www.box.com, and our investor relations website is located at www.box.com/investors. The information on, or that can be accessed through, our website is not part of this Annual Report on Form 10-K. We were incorporated in 2005 as Box.Net, Inc., a Washington corporation, and later reincorporated in 2008 under the same name as a Delaware corporation. In November 2011, we changed our name to Box, Inc. The Box design logo, “Box” and our other registered and common law trade names, trademarks and service marks are the property of Box, Inc. Other trademarks, service marks, or trade names appearing in this Annual Report on Form 10-K are the property of their respective owners.

15


 

Available Information

We file annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended. The SEC maintains a website at www.sec.gov that contains reports, proxy and information statements and other information that we file with the SEC electronically. Copies of our reports on Form 10-K, Forms 10-Q, Forms 8-K, and amendments to those reports may also be obtained, free of charge, electronically through our investor relations website located at www.box.com/investors as soon as reasonably practical after we file such material with, or furnish it to, the SEC.

We also use our investor relations website as a channel of distribution for important company information. Important information, including press releases, analyst presentations and financial information regarding us, as well as corporate governance information, is routinely posted and accessible on certain X accounts, such as @box, @levie and @boxincir. Information on, or that can be accessed through, our websites or these X accounts is not part of this Annual Report on Form 10-K, and the inclusion of our website addresses and X accounts are inactive textual references only.

16


 

Item 1A. RISK FACTORS

Investing in our securities involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information in this Annual Report on Form 10-K, including in the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes, before making a decision to invest in our securities. If any of the risks actually occur, our business, financial condition, operating results and prospects could be materially and adversely affected. In that event, the market price of our Class A common stock could decline, and you could lose part or all of your investment.

Risk Factors Summary

Our business is subject to a number of risks and uncertainties, including those risks discussed at length below. These risks include, among others, the following:

If we do not compete effectively, our customers do not renew their subscriptions or expand their use of our services, we are unable to attract new customers at rates that are consistent with our expectations, or if the market for cloud-based enterprise services declines or develops more slowly than we expect, our business could be adversely affected.
Because we recognize revenue from subscriptions for our services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results.
Adverse economic conditions have in the past and may in the future result in reduced sales, longer sales cycles, reduced renewal rates, slower adoption of new technologies and increased price competition, any of which could negatively impact our business.
As a substantial portion of our sales efforts are increasingly focused on cloud content management use cases and are targeted at enterprise and highly-regulated customers, our sales cycles may become longer and more expensive and we may encounter greater pricing pressure and implementation and customization challenges, all of which could harm our business and operating results.
Issues relating to the use of artificial intelligence and machine learning could adversely affect our business and operating results.
If we fail to meet the service level commitments we provide under our subscription agreements, we could be obligated to provide credits or refunds for prepaid amounts related to unused subscription services or face subscription terminations, which could adversely affect our revenue. Furthermore, any failure in our delivery of high-quality customer support services may adversely affect our relationships with our customers and our financial results.
Our international operations expose us to significant risks, including the impact of fluctuations in currency exchange rates.
Actual or perceived security vulnerabilities in our services or any breaches of our security controls and unauthorized access to our or a customer’s data could harm our business and operating results.
Privacy concerns and laws or other domestic or foreign regulations may reduce the effectiveness of our services and harm our business, and we may not be able to satisfy data protection, security, privacy, and other government- and industry-specific requirements, which may harm our growth.
Our platform must integrate with a variety of operating systems, software applications and technologies that are developed by others, and if we are unable to ensure that our solutions interoperate with such systems, applications and technologies, our service may become less competitive, and our operating results may be harmed.
If we fail to effectively manage our technical operations infrastructure or suffer from interruptions or delays in service from our third-party providers, the delivery of our services may be harmed, which may adversely affect our business.

17


 

Our services are becoming increasingly mission-critical for our customers and if these services fail to perform properly or if we are unable to scale our services to meet the needs of our customers, our reputation could be adversely affected, our market share could decline and we could be subject to liability claims.
Our growth depends in part on the success of our strategic relationships with third parties.
We depend on our key employees and other highly skilled personnel to grow and operate our business, and if we are unable to hire, retain and motivate our personnel, including expanding and optimizing our direct sales force, we may not be able to grow effectively.
We may be sued by third parties for alleged infringement of their proprietary rights.
Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and brand.
Our Series A Convertible Preferred Stock has rights, preferences and privileges that are not held by, and are preferential to the rights of, our Class A common stockholders, which could adversely affect our liquidity and financial condition.

Risks Related to Our Business and Our Industry

The market in which we participate is intensely competitive, and if we do not compete effectively, our operating results could be harmed.

The market for cloud content management services is fragmented, rapidly evolving and highly competitive, with relatively low barriers to entry for certain applications and services. Many of our competitors and potential competitors are larger and have greater brand recognition, longer operating histories, and significantly greater resources than we do. Our primary competitors in the cloud content management market include Microsoft (SharePoint) and OpenText (Documentum). In the enterprise file sync and share market, our primary competitors include Microsoft (OneDrive), Google (Drive) and, to a lesser extent, Dropbox. We also compete with companies in the e-signature, content collaboration, workflow automation, and security and governance markets. With the introduction of new technologies and market entrants, we expect competition to intensify in the future. For example, disruptive technologies such as generative AI may fundamentally alter the market for our services in unpredictable ways, including reduced customer demand and increased costs of doing business. If we fail to compete effectively, our business will be harmed. Some of our competitors offer their products or services at lower prices or for free as part of a broader bundled product sale or enterprise license arrangement, which has placed pricing pressure on our business. If we are unable to achieve our target pricing levels, our operating results will be negatively impacted. For us to compete effectively, we need to introduce new products and services in a timely and cost-effective manner, meet customer expectations and needs at prices that customers are willing to pay, and continue to enhance the features and functionalities of our cloud content management platform. In addition, pricing pressures and increased competition could result in reduced sales, lower margins, losses or the failure of our services to achieve or maintain widespread market acceptance, any of which could harm our business.

Many of our competitors are able to devote greater resources to the development, promotion and sale of their products or services. In addition, many of our competitors have established marketing relationships and major distribution agreements with channel partners, consultants, system integrators and resellers. Competitors may offer products or services at lower prices or with greater depth than our services. Our competitors may be able to respond more quickly and effectively to new or changing opportunities, technologies, standards or customer requirements. Furthermore, some potential customers, particularly large enterprises, may elect to develop their own internal solutions. For any of these reasons, we may not be able to compete successfully against our competitors.

Our business depends substantially on customers renewing their subscriptions with us and expanding their use of our services. Any decline in our customer renewals or failure to convince our customers to broaden their use of our services would harm our future operating results.

To improve our operating results, it is important that our customers renew their subscriptions with us when their existing subscription term expires. We cannot assure you that customers will renew their subscriptions upon

18


 

expiration at the same or higher level of service, for the same number of seats or for the same duration of time, if at all. Our net retention rate has fluctuated from period to period and it may decrease again in the future if our customers do not renew their subscriptions with us or decrease their use of our services. Our net retention rate was approximately 101% and 108% as of January 31, 2024 and 2023, respectively.

Our net retention rate may decline or fluctuate as a result of a number of factors, including our customers’ satisfaction with our services, the effectiveness of our customer support services, the performance of our partners and resellers, our pricing, the prices of competing products or services, mergers and acquisitions affecting our customer base, our ability to successfully integrate new or acquired technology into our products, our ability to execute on our product roadmap, our customers’ budgets and spending levels, and the effects of global economic conditions, especially if challenging macroeconomic conditions continue. If our customers do not renew their subscriptions, renew them on less favorable terms, purchase fewer seats, or fail to purchase new product offerings, our revenue may decline, and we may not realize improved operating results from our customer base.

In addition, our business growth depends in part on our customers expanding their use of our services. The use of our cloud content management platform often expands within an organization as new users are added or as additional services are purchased by or for other departments within an organization. Further, as we have introduced new services throughout our operating history, our existing customers have constituted a significant portion of the users of such services. If our customers do not expand their use of our services, our operating results may be adversely affected.

If the market for cloud-based enterprise services declines or develops more slowly than we expect, our business could be adversely affected.

The market for cloud-based enterprise services is not as mature as the on-premise enterprise software market. Because we derive, and expect to continue to derive, substantially all of our revenue and cash flows from sales of our cloud content management solutions, our success will depend to a substantial extent on the widespread adoption of cloud computing in general and of cloud-based content management services in particular. Many organizations have invested substantial personnel and financial resources to integrate traditional enterprise software into their organizations and may be reluctant or unwilling to migrate to a cloud-based model for managing their content. It is difficult to predict customer adoption rates and demand for our services, the future growth rate and size of the cloud computing market or the entry of competitive services. The expansion of the cloud content management market depends on a number of factors, including the cost, performance and perceived value associated with cloud computing, as well as the ability of companies that provide cloud-based services to address security and privacy concerns. If there is a reduction in demand for cloud-based services, it could result in decreased revenue, harm our growth rates, and adversely affect our business and operating results.

Because we recognize revenue from subscriptions for our services over the term of the subscription, downturns or upturns in new business may not be immediately reflected in our operating results.

We generally recognize revenue from customers ratably over the terms of their subscription agreements, which range from one month to three years or more. As a result, most of the revenue we report in each quarter is the result of subscription agreements entered into during prior quarters. Consequently, a decline in new or renewed subscriptions in any one quarter may not be reflected in our revenue results for that quarter. However, any such decline will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in sales, our failure to achieve our internal sales targets, a decline in the market acceptance of our services, or a decrease in our net retention rate may not be fully reflected in our operating results until future periods. Our subscription model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from additional sales must be recognized over the applicable subscription term.

If we are unable to attract new customers at rates that are consistent with our expectations, our future revenue and operating results could be adversely impacted.

To improve our operating results and continue growing our business, it is important that we continue to attract new customers and expand deployment of our solutions and products with existing customers. To the extent we are successful in increasing our customer base, we could incur increased losses because costs associated with new

19


 

customers are generally incurred up front, while revenue is recognized ratably over the term of our subscription services. Alternatively, to the extent we are unsuccessful in increasing our customer base, we could also incur increased losses as costs associated with marketing programs and new products intended to attract new customers would not be offset by incremental revenue and cash flow. Changes in economic conditions may financially impact our existing and prospective customers and cause them to delay or reduce their technology spending, which may adversely affect our ability to attract new customers. For example, our business has been impacted by pressure from customers’ lower headcount growth and greater budget scrutiny on IT decisions since the second half of fiscal year 2023. All of these factors could negatively impact our future revenue and operating results.

Adverse economic conditions have in the past and may in the future result in reduced sales, longer sales cycles, reduced renewal rates, slower adoption of new technologies and increased price competition, any of which could negatively impact our business.

Our business depends on the overall demand for cloud content management services and on the economic health of our current and prospective customers. The United States and other key international economies have experienced cyclical downturns from time to time that have resulted in a significant weakening of the economy, more limited availability of credit, a reduction in business confidence and activity, and other difficulties that may affect the industries to which we sell our services. An economic downturn, recession, or uncertainty about economic conditions, including volatility in the credit, equity and foreign exchange markets, inflation, rising interest rates, potential United States (U.S.) sovereign default, bank failures and financial instability, ongoing supply chain disruptions, unemployment trends, the adverse effects of pandemics and geopolitical issues, such as the Hamas-Israel and Russia-Ukraine conflicts, could cause customers to delay or reduce their information technology spending. This has in the past and may in the future result in reduced sales, longer sales cycles, reduced renewal rates, slower adoption of new technologies, and increased price competition. Any of these events would likely have an adverse effect on our business, operating results and financial position. Since the second half of our fiscal year 2023, we have seen an impact from additional customer scrutiny being placed on deals due to the economic environment. In addition, there can be no assurance that cloud content management and collaboration spending levels will increase following any recovery.

If we are not able to successfully launch new products and services or provide enhancements or new features to our existing products and services, our business could be adversely affected.

Our industry is marked by rapid technological developments and new and enhanced applications and services. If we are unable to enhance our existing services or offer new services that achieve market acceptance or keep pace with rapid technological developments, our business could be adversely affected. The success of any new services or enhancements to our existing services, such as Box AI and Box Hubs, depends on several factors, including their timely completion, introduction and market acceptance. We also may experience business or economic disruptions that could adversely affect the productivity of our employees and result in delays in our product development process. We maintain a hybrid workforce (with a mix of employees working from offices and others working remotely), which may lead to disruptions and decreased productivity that could result in delays in our product development process. Failure in this regard may significantly impair our revenue growth and our future financial results. Our product development efforts could also be impacted by our workforce location strategy as we hire an increasing number of our employees in countries such as Poland and the Netherlands. In addition, because our services are designed to operate on a variety of systems, we must continuously modify and enhance our services to keep pace with changes in internet-related hardware, mobile operating systems, and other software, communication, browser and database technologies. We may not be successful in developing these modifications and enhancements or bringing them to market in a timely fashion, which may negatively impact our customer renewal rates, limit the market for our solutions, or impair our ability to attract new customers. Furthermore, modifications to existing platforms or technologies will increase our research and development expenses. Any failure of our services to operate effectively with existing or future network platforms and technologies could reduce the demand for our services, result in customer dissatisfaction and adversely affect our business.

20


 

Issues relating to the use of artificial intelligence and machine learning could adversely affect our business and operating results.

Issues relating to the use of new and evolving technologies such as generative AI powered by large language models and machine learning that we integrate into our product offerings may cause us to experience brand or reputational harm, competitive harm, legal liability, new or enhanced governmental or regulatory scrutiny, and to incur additional costs to resolve such issues. As with many innovations, AI presents risks and challenges that could undermine or slow its adoption, and therefore harm our business. For example, perceived or actual technical, legal, compliance, privacy, security, ethical or other issues relating to the use of AI may cause public confidence in AI to be undermined, which could slow our customers’ adoption of our products and services that use AI. In addition, litigation or government regulation related to the use of AI may also adversely impact our and others’ abilities to develop and offer products that use AI, as well as increase the cost and complexity of doing so. Developing, testing and deploying third-party AI systems may also increase the cost profile of our product offerings due to the nature of the computing costs involved in such systems, which could impact our margins and adversely affect our business and operating results. Our business may be disrupted if any of the third-party AI services we use become unavailable due to extended outages or interruptions or because they are no longer available on commercially reasonable terms or prices. Further, market demand and acceptance of AI technologies are uncertain, and we may be unsuccessful in our product development efforts.

Our sales to government entities are subject to a number of additional challenges and risks.

We sell to government customers, which can be highly competitive, often requiring significant upfront time and expense without any assurance that these efforts will generate a sale. Government certification requirements may change, or we may lose one or more government certifications, and in doing so restrict our ability to sell into the government sector or maintain existing government customers until we attain revised certifications. Government demand and payment for our products and services are affected by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions. Moreover, an extended federal government shutdown resulting from budgetary decisions, a prolonged continuing resolution, breach of the federal debt ceiling, or potential U.S. sovereign default may limit or delay federal government spending on our solutions and adversely affect our revenue. Government entities may also have statutory, contractual or other legal rights to terminate contracts with us for convenience or due to a default, and any such termination may adversely affect our future operating results.

As our sales efforts are increasingly focused on cloud content management use cases and are targeted at enterprise and highly-regulated customers, our sales cycles may become longer and more expensive, and we may encounter greater pricing pressure and implementation and customization challenges, all of which could harm our business and operating results.

As our sales efforts are increasingly focused on cloud content management use cases and are targeted at enterprise and highly-regulated customers, we face greater costs, longer sales cycles and less predictability in the completion of some of our sales. In this market segment, a customer’s decision to use our services may be an enterprise-wide decision. These types of sales opportunities require us to provide greater levels of customer education regarding the uses and benefits of our services, as well as education regarding security, privacy, and data protection laws and regulations, especially for customers in more heavily regulated industries or with significant international operations. In addition, larger enterprises may demand more customization, integration, support services, and features. These factors could increase our costs, lengthen our sales cycles and leave fewer sales support and professional services resources for other customers. Professional services may also be performed by a third party or a combination of our own staff and a third party. Our strategy is to work with third parties to increase the breadth of capability and depth of capacity for delivery of these services to our customers. If a customer is not satisfied with the quality or interoperability of our services with their own IT environment, we could incur additional costs to address the situation, which could adversely affect our margins. Moreover, any customer dissatisfaction with our services could damage our ability to encourage broader adoption of our services by that customer. In addition, any negative publicity resulting from such situations, regardless of its accuracy, may further damage our business by affecting our ability to compete for new business with current and prospective customers.

21


 

If we fail to meet the service level commitments we provide under our subscription agreements, we could be obligated to provide credits or refunds for prepaid amounts related to unused subscription services or face subscription terminations, which could adversely affect our revenue. Furthermore, any failure in our delivery of high-quality customer support services may adversely affect our relationships with our customers and our financial results.

Our customer subscription agreements provide service level commitments. If we are unable to meet our service level commitments or suffer periods of downtime that exceed the periods allowed under our subscription agreements, we may be obligated to provide customers with service credits, which could significantly impact our revenue in the period in which the downtime occurs and the credits could be due. We have experienced, and may in the future experience, disruptions, outages, and other performance or quality problems with our platform and with the public cloud and internet infrastructure on which our platform relies. We have encountered issues in the past that have caused Box services to be temporarily unavailable that resulted in our issuing service credits to some of our customers, and we cannot assure you that we will not experience interruptions or delays in our service in the future. We could also face subscription terminations, which could significantly impact our current and future revenue. Any extended or frequent service outages could also adversely affect our reputation, which would also impact our future revenue and operating results.

Our customers depend on us to resolve technical issues relating to our services. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. Increased customer demand for these services, without corresponding revenue, could increase costs and adversely affect our operating results. In addition, our sales process is highly dependent on the ease of use of our services, our reputation and positive recommendations from our existing customers. Any failure to maintain, or a market perception that we do not maintain, high-quality customer support could adversely affect our reputation and our ability to sell our services to existing and prospective customers.

We are in the process of expanding our international operations, which exposes us to significant risks.

A key element of our growth strategy is to expand our international operations and develop a worldwide customer base. In addition, we have opened, and may continue to open, international offices and hire employees to work at these offices in order to gain access to additional talent. For example, in 2020, we established an office in Warsaw, Poland and, in 2021, we acquired SignRequest B.V., a company located in the Netherlands. We have continued to increase our headcount in these countries as we migrate a larger portion of our development to lower cost regions. We are currently committed to our presence in these countries and have entered into a long-term operating lease in Poland to support our growth. Operating in international markets requires significant resources and management attention and will subject us to regulatory, economic, geographic, social, and political risks that differ from those in the United States. Because of our limited experience with international operations and significant differences between international and U.S. markets, we may not succeed in creating demand for our services outside of the United States or in effectively selling our services in all of the international markets we enter. In addition, we will face challenges in doing business internationally that could adversely affect our business, including:

the need to localize and adapt our services for specific countries, including translation into foreign languages and associated expenses;
laws (and changes to such laws) relating to privacy, data protection and data transfer that, among other things, could require that customer data be stored and processed in a designated territory;
difficulties in staffing and managing foreign operations especially in new markets with diverse cultures, languages, customs and legal systems;
different pricing environments, longer sales cycles and longer accounts receivable payment cycles and collections issues;
differing labor regulations, especially in Europe, where labor laws are generally more advantageous to employees as compared to the United States;
new and different sources of competition;

22


 

weaker protection for intellectual property and other legal rights than in the United States and practical difficulties in enforcing intellectual property and other rights outside of the United States;
laws and business practices favoring local competitors, including economic tariffs;
changes in the geopolitical environment, the perception of doing business with U.S. based companies, and changes in regulatory requirements that impact our operating strategies, access to global markets or hiring;
compliance challenges related to the complexity of multiple, conflicting and changing governmental laws and regulations, including employment, tax, AI, privacy and data protection laws and regulations;
increased financial accounting and reporting burdens and complexities;
currency exchange rate fluctuations;
restrictions on the transfer of funds;
reliance on third-party resellers and other parties;
adverse tax consequences; and
unstable regional, economic, social and political conditions, such as the Hamas-Israel and Russia-Ukraine conflicts.

We are exposed to fluctuations in currency exchange rates, which could adversely affect our operating results or financial position.

We sell our services and incur operating expenses in various currencies. Therefore, fluctuations in the relative value of the U.S. dollar and foreign currencies, particularly the Japanese Yen, and to a lesser extent, the British pound and the Euro, may impact our operating results. For example, the Japanese Yen, the British pound and the Euro have all experienced declines in value vis-à-vis the U.S. dollar, which negatively affected our results of operations during the year ended January 31, 2024 and could continue to negatively impact our results of operations in future periods. We currently primarily manage our exchange rate risk by maintaining offsetting foreign currency assets and liabilities and by minimizing non-U.S. dollar cash balances, and we plan to implement hedging programs in fiscal year 2025 to further mitigate the risk of exchange rate fluctuations. Such practices may not ultimately be available and/or effective at mitigating the foreign currency risk to which we are exposed. If we are unsuccessful in detecting material exposures in a timely manner, any hedging strategies we deploy are not effective, or there are no hedging strategies available for certain exposures that are prudent given the associated risks and the potential mitigation of the underlying exposure achieved, our operating results or financial position could be negatively affected in the future.

If we are unable to maintain and promote our brand, our business and operating results may be harmed.

We believe that maintaining and promoting our brand is critical to expanding our customer base. Maintaining and promoting our brand will depend largely on our ability to continue to provide useful, reliable and innovative services, which we may not do successfully. We may introduce new features, products, services or terms of service that our customers do not like, which may negatively affect our brand and reputation. Additionally, the actions of third parties may affect our brand and reputation if customers do not have a positive experience using third-party apps or other services that are integrated with Box. Maintaining and enhancing our brand may require us to make substantial investments, and these investments may not achieve the desired goals. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, our business and operating results could be adversely affected.

We have a history of cumulative losses, and we may not be able to sustain profitable growth.

We generated net income of $129.0 million and $26.8 million during the years ended January 31, 2024 and 2023, respectively, and incurred a net loss of $41.5 million during the year ended January 31, 2022. As of January 31, 2024, we had an accumulated deficit of $1.2 billion. The loss in fiscal year 2022 and related accumulated deficit reflect the substantial investments we made to acquire new customers and develop our services. We intend to

23


 

continue scaling our business to increase our number of users and paying organizations and to meet the increasingly complex needs of our customers and may incur additional expenses as we make investments to scale our business. Further, it is difficult to predict the size and growth rate of our market, customer demand for our platform and for any new features or products we develop, and the success of competitive products or services. As a result, we may not sustain profitable growth in future periods.

Our quarterly results may fluctuate significantly and may not fully reflect the underlying performance of our business.

Our quarterly operating results may vary significantly in the future, and period-to-period comparisons of our operating results may not be meaningful. Accordingly, the results of any one quarter should not be relied upon as an indication of future performance. Our quarterly financial results may fluctuate as a result of a variety of factors, and as a result, may not fully reflect the underlying performance of our business. Factors that may cause fluctuations in our quarterly financial results include, but are not limited to:

our ability to attract and retain new customers;
our ability to convert users of our limited free version to paying customers;
the addition or loss of large customers, including through acquisitions or consolidations;
changes in our net retention rate;
the timing of revenue recognition;
the timing and amount of contract renewals;
the impact on billings of customer shifts between payment frequencies;
the timing of cash collections and payments and its impact on cash flows;
the amount and timing of operating expenses related to the maintenance and expansion of our business, operations and infrastructure;
network or service outages, internet disruptions, disruptions to the availability of our service, or actual or perceived security breaches, incidents and vulnerabilities;
general economic, industry and market conditions, including those caused by the Hamas-Israel and Russia-Ukraine conflicts, and as a result of inflation, rising interest rates, or bank failures and financial instability;
changes in our go-to-market strategies and/or pricing policies and/or those of our competitors;
seasonal variations in our billings results and sales of our services, which have historically been highest in the fourth quarter of our fiscal year;
the timing and success of new services and product introductions by us and our competitors or any other change in the competitive dynamics of our industry, including consolidation or new entrants among competitors, customers or strategic partners;
changes in usage or adoption rates of content management services;
the success of our strategic partnerships, including the performance of our resellers; and
the timing of expenses related to the development or acquisition of technologies or businesses and potential future charges for impairment of goodwill from acquired companies.

24


 

Risks Related to Data Privacy and Data Security

Actual or perceived security vulnerabilities in our services or any breaches of our security controls and unauthorized access to our or a customer’s data could harm our business and operating results.

The services we offer involve the storage of large amounts of our and our customers’ sensitive and proprietary information, some of which may be considered personally identifiable. Cyberattacks and other malicious internet-based activity, including ransomware, malware and viruses, continue to increase in frequency and magnitude and we face security threats from malicious third parties that could obtain unauthorized access to, or disrupt, our systems, infrastructure and networks. These threats may come from a variety of sources including nation-state sponsored espionage and hacking activities, industrial espionage, organized crime, sophisticated organizations, hacking groups and individuals and insider threats. These sources can also implement social engineering techniques, such as “phishing,” “smishing” or “vishing” attacks, to induce our partners, users, employees or customers to disclose passwords or other sensitive information or take other actions to gain access to our data or our users’ data. Hackers that acquire user account information at other companies can attempt to use that information to compromise the accounts of our personnel, or our users’ accounts if an account shares the same sensitive information such as passwords. As we increase our customer base, our brand becomes more widely known and recognized, and our service is used in more heavily regulated industries where there may be a greater concentration of sensitive and protected data, such as healthcare, government, life sciences, and financial services, we have become more of a target for these malicious third parties.

In addition, because Box is configured by administrators and users to select their default settings, the third-party integrations they enable, and their privacy and permissions settings, an administrator or user could intentionally or inadvertently configure settings to share their sensitive data. For example, a Box user can choose to share the content they store in Box with third parties by creating a link that can be customized to be accessible by anyone with the link. While this feature is designed to be used for a variety of legitimate use cases in which a user wishes to share non-sensitive content with a broad or public audience, if a user were to intentionally or inadvertently configure a setting that allowed public access to their sensitive data, that data could be discovered and accessed by an unintended third party. We have also incorporated AI technologies into certain product offerings, and may continue to incorporate additional AI technologies into our product offerings, and to otherwise use AI technologies within our business, in the future. Our use of AI technologies may create additional cybersecurity risks or increase cybersecurity risks, including risks of security breaches and incidents. Further, AI technologies may be used in connection with certain cybersecurity attacks, resulting in heightened risks of security breaches and incidents.

We cannot guarantee that any security measures that we or third parties on which we rely have implemented will be completely effective against current or future security threats, or that our systems and networks or those of such third parties have not been breached or otherwise compromised, or that they and any software in our or their supply chains do not contain bugs, vulnerabilities, or compromised code that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us or our products or services. Given that our customers manage significant amounts of sensitive and proprietary information on our platform, and many of our customers are in heavily regulated industries where there may be a greater concentration of sensitive and proprietary data, our reputation and market position are particularly sensitive to impacts from actual or perceived security breaches or incidents, security vulnerabilities, or concerns regarding security. If our security measures or those of third parties on which we rely are or are believed to be inadequate or breached or otherwise compromised as a result of third-party action, employee negligence, error or malfeasance, product defects, social engineering techniques, improper user configuration or otherwise, and this results in, or is believed to result in, unauthorized access to or disclosure, modification, misuse, loss, corruption, unavailability, or destruction of our data or our customers’ data, or any other disruption of the confidentiality, integrity or availability of our data or our customers’ data, we could incur significant liability to various parties, including our customers and individuals or organizations whose information is stored by our customers, and our business, reputation or competitive position may be harmed. Techniques used to obtain unauthorized access to, or to sabotage, systems or networks, are constantly evolving and generally are not recognized until launched against a target. Therefore, we may be unable to anticipate these techniques, react in a timely manner, or implement adequate preventive measures, and we may face delays in our detection or remediation of, or other responses to, security breaches and other security-related incidents or vulnerabilities. We have observed increased level of sophistication in the types of techniques, including social engineering techniques, that malicious third parties may use in an attempt to gain access to our or our users’ data. Due to the Hamas-Israel and Russia-Ukraine conflicts, or other areas of geopolitical tension around the world,

25


 

we and the third parties on which we rely are vulnerable to a heightened risk of cybersecurity attacks, social engineering attacks, viruses, malware, ransomware, hacking or similar breaches and incidents from nation-state and affiliated actors, including attacks that could materially disrupt our supply chain and our systems, operations and platform. Additionally, many of our personnel and personnel of the third parties on which we rely work remotely at least part of the time, which imposes additional risks to our business, including increased risk of industrial espionage, theft of assets, phishing, and other cybersecurity attacks, and inadvertent or unauthorized access to or dissemination of sensitive, proprietary, or confidential information. We also expect to incur significant costs in our ongoing efforts to detect and prevent security breaches and other security-related incidents, and in the event of actual or perceived security breaches or other security-related incidents. Additionally, our service providers and other third parties on which we rely may suffer, or be perceived to suffer, data security breaches or other incidents that may compromise data stored or processed for us that may give rise to any of the foregoing.

Our customer contracts often include (i) specific obligations that we maintain the availability of the customer’s data through our service and that we secure customer content against unauthorized access or loss, and (ii) provisions whereby we indemnify our customers for third-party claims asserted against them that result from our failure to maintain the availability of their content or securing the same from unauthorized access or loss. While our customer contracts generally contain limitations on our liability in connection with these obligations and indemnities, if an actual or perceived security breach or incident occurs, the market perception of the effectiveness of our security measures could be harmed, we could be subject to indemnity or damage claims in certain customer contracts, and we could lose future sales and customers, any of which could harm our business and operating results. Furthermore, while our errors and omissions insurance policies include liability coverage for certain of these matters, if we experience a security breach or other incident, we could be subject to indemnity claims or other damages that exceed our insurance coverage. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results, and reputation.

Privacy concerns and laws or other regulations may reduce the effectiveness of our services and harm our business.

Users can use our services to store identifying information or information that otherwise is considered personal information. Federal, state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations regarding the collection, use and disclosure of personal information obtained from consumers, businesses and other individuals and entities. Data protection, privacy, consumer protection, cybersecurity and other laws and regulations, particularly in Europe, are often more restrictive than those in the United States. The costs of compliance with, and other burdens imposed by, such laws, policies and regulations that apply to our business or our customers’ businesses may limit the use and adoption of our services and reduce overall demand for them.

These laws and regulations, which may be enforceable by private parties and/or governmental entities, are constantly evolving and can be subject to significant change. A number of new laws coming into effect and/or proposals pending before federal, state and foreign legislative and regulatory bodies could affect our business. For example, the European Union’s General Data Protection Regulation (GDPR), which imposes significant obligations on companies regarding the handling of personal data and penalties for noncompliance of up to the greater of 20 million Euros or four percent of a company’s global revenue. Further, local data protection authorities in Europe may adopt regulations and/or guidance more stringent than the GDPR, which may impose additional compliance costs or other burdens that impact our business. In 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield framework, and imposed additional obligations on companies when relying on model contractual clauses approved by the European Commission (EC) to transfer personal data from the EU to the U.S. On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner invalidated the Swiss-U.S. Privacy Shield in light of the CJEU’s decision. These developments or other developments relating to cross-border data transfer may result in the EC, European Data Protection Board and/or other regulators applying differing standards for, and requiring ad hoc verification of, transfers of personal data from the European Economic

26


 

Area (EEA), Switzerland, or the United Kingdom (UK) to the U.S. For example, on June 4, 2021, the EC published new standard contractual clauses (SCCs) that were required to be implemented by companies relying on the SCCs as a basis for cross-border transfers of personal data by December 27, 2022. These or other developments relating to cross-border data transfer required us to issue additional policies, update our data transfer agreements with applicable customers and third-party service providers and assess our practices. This CJEU decision that invalidated the EU-U.S. Privacy Shield framework and/or other legal challenges relating to cross-border data transfers may serve as a basis for challenges to our personal data handling practices, or those of our customers, and may otherwise adversely impact our business, financial condition and operating results. Moreover, European governments and the U.S. government have cooperated to adopt the EU-U.S. Data Privacy Framework, UK-U.S. Data Bridge and Swiss-U.S. Framework (together, the “Data Privacy Framework”) replacing the EU-U.S. Privacy Shield Framework. While the Data Privacy Framework could benefit the industry as a whole, and we presently maintain self-certification under the Data Privacy Framework, maintaining compliance with the Data Privacy Framework could result in additional costs. The EU-U.S. Data Privacy Framework also already has faced legal challenges, and more generally, the Data Privacy Framework may be subject to future reviews, and subject to suspension, amendment, repeal, or limitations.

Brexit has created uncertainty around data protection issues and could lead to further legislative and regulatory changes. For example, the UK Data Protection Act of 2018 substantially mirrors the EU GDPR in the UK and was the subject of statutory amendments that further aligned it with the GDPR in 2019. In June 2021, the EC announced a decision that the UK is an “adequate country” to which personal data could be exported from the EEA, but this decision must be renewed and may face challenges in the future, creating uncertainty regarding transfers of personal data to the UK from the EEA. It remains unclear how UK data protection laws or regulations will develop, and how data transfers to and from the UK will be regulated, over time. In 2022, the Information Commissioner’s Office (ICO) issued the UK SCCs as a valid data transfer mechanism for cross border data transfers from the UK to third countries that are required to be implemented by companies relying on the UK SCCs as a basis for cross-border transfers of personal data by March 21, 2024. Additional or modified guidance regarding, or changes to, UK cross border data transfers and/or overall UK data protection laws and/or guidance could occur, which may require us to change our policies, practices and engage in additional contractual negotiations. Such legislative and regulatory changes may result in increased costs of compliance and limitations on our customers and us.

In 2018, the State of California enacted the California Consumer Privacy Act (CCPA), which became operative on January 1, 2020. The CCPA requires covered companies to, among other things, provide new disclosures to California consumers and afford such consumers new abilities to opt-out of certain sales of personal information. Additionally, the California Privacy Rights Act (CPRA) was approved by California voters in November 2020 and amended and expanded the CCPA. The CPRA’s substantive provisions became effective on January 1, 2023, and the newly formed California Privacy Protection Agency began its rulemaking process to adopt proposed regulations, with those regulations adopted on March 29, 2023. Our CPRA compliance efforts are subject to change and may result in continued uncertainty and require additional costs and expenses to ensure readiness, compliance and decrease risks. Further, other states have been considering, and in some cases enacting, laws relating to privacy and cybersecurity, many of which are comprehensive privacy statutes imposing obligations similar to the CCPA and CPRA. For example, Virginia, Colorado, Connecticut, and Utah enacted such legislation that became effective in 2023, and Delaware, Tennessee, Iowa, Indiana, Montana, Florida, Oregon, Texas, New Hampshire, and New Jersey have enacted privacy laws that become effective between 2024 and 2026. In addition, Pennsylvania, Massachusetts, and North Carolina, amongst other U.S. states, are anticipated to follow suit. Efforts to comply with these laws and related fluctuations in laws relating to privacy and cybersecurity at the federal, state and local levels may impact readiness and compliance, along with the potential to incur additional costs. We cannot fully predict the impact of these laws and other proposed federal and state laws relating to privacy and cybersecurity on our business or operations, but they may require us to modify our data processing practices and policies and incur substantial costs and expenses in an effort to comply.

In addition, some countries, such as member states of the EEA are considering or have enacted legislation requiring storage localization and/or the processing of more regulated types of data in region, along with other limitations that could impact U.S. technology companies (e.g., cloud service providers) and more specifically, Box. If we are unable to develop and offer services that meet these obligations or help our customers meet their requirements under the laws, regulations, case law or guidance issued relating to privacy, data protection, or

27


 

information security, we may become unable to provide services in these regions and/or be subject to significant fines and penalties, which would harm our business.

We also expect laws, regulations, industry standards and other obligations worldwide relating to privacy, data protection, and cybersecurity to continue to evolve, and that there will continue to be new, modified, and re-interpreted laws, regulations, standards, and other obligations in these areas. We cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of, existing laws and regulations, industry standards, or other obligations may have on us or our business. Moreover, these existing and proposed laws, regulations, standards, and other actual or asserted obligations can be difficult and costly to comply with, delay or impede the development or adoption of our products and services, reduce the overall demand for our products and services, increase our operating costs, require modifications to our policies, practices, or products or services, require significant management time and attention, and slow the pace at which we close (or prevent us from closing) sales transactions. Additionally, any actual or alleged noncompliance with these laws, regulations, standards, or other actual or asserted obligations could result in negative publicity and subject us to investigations and other proceedings by regulatory authorities, claims, demands, and litigation by private entities, or other requested remedies or demands, including demands that we modify or cease existing business practices, and expose us to significant fines, penalties and other damages and liabilities. In addition to the possibility of fines, proceedings, demands, claims, and litigation, we may find it necessary or appropriate to fundamentally change our business activities and practices, including the establishment of in-region data storage or other data processing operations, or modify or cease offering certain products or services, any of which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new offerings and features could be limited.

Furthermore, government agencies may seek to access sensitive information that our users upload to Box, or restrict users’ access to Box. Laws and regulations relating to government access and restrictions are evolving, and compliance with such laws and regulations could limit adoption of our services by users and create burdens on our business. Moreover, regulatory investigations into, or other proceedings by regulators or private entities involving, our compliance with privacy-related laws and regulations could increase our costs and divert management attention.

If we are not able to satisfy data protection, security, privacy, and other government- and industry-specific requirements, our growth could be significantly harmed.

There are a number of data protection, security, privacy and other government- and industry-specific requirements, including those that require companies to notify individuals of data security incidents involving certain types of personal data. Security compromises experienced by our competitors, by our customers or by us may lead to public disclosures, which could harm our reputation, erode customer confidence in the effectiveness of our security measures, negatively impact our ability to attract new customers, or cause existing customers to elect not to renew their agreements with us. Our customers also expect, and in some instances require, us to meet voluntary certifications or adhere to guidelines or standards established by third parties, to offer particular controls, or otherwise support customer-specific requirements. Although we currently have certain certifications such as AICPA SOC 1, 2 and 3 reports, and ISO/IEC 27001, 27017, 27018, and 27701 we may not be successful in continuing to maintain these certifications or in obtaining other certifications or otherwise being able to adhere to or comply with all customer requirements. In addition, some of the industries and/or regions that we serve have specific requirements relating to security and regulatory standards, such as GxP, FedRAMP and StateRAMP, and those required by HIPAA, FINRA, HITECH Act, the Data Privacy Framework and Asia-Pacific Economic Cooperation Privacy Recognition for Processors and Cross Border Privacy Rules. As we expand into new industries and regions, we will likely need to comply with these and other new requirements to compete effectively. We may not always be able to support or comply with all of these customer requirements. If we cannot adequately comply with these requirements, our growth could be adversely impacted, we may face a loss of customers or difficulty attracting new customers in impacted industries, and we could incur significant liability and our reputation and business could be significantly harmed. In addition, as regulations in the EU and the UK continue to shift, it could impact our ability to comply with and maintain EU and UK Processor and Controller Binding Corporate Rules.

28


 

Risks Related to Our Technical Operations Infrastructure and Dependence on Third Parties

If we are unable to ensure that our solutions interoperate with operating systems, software applications and technologies developed by others, our service may become less competitive, and our operating results may be harmed.

We offer our services across a variety of operating systems and through the internet. We are dependent on the interoperability of our platform with third-party mobile devices, tablets, desktop and mobile operating systems, as well as web browsers that we do not control. Any changes in such systems, devices or web browsers that degrade the functionality of our services or give preferential treatment to competitive services could adversely affect usage of our services and our ability to deliver high quality services. We may not succeed in developing relationships with key participants in the mobile industry or in developing services that operate effectively with these operating systems, networks, infrastructure, devices, web browsers and standards. In the event that our users experience difficulty accessing and using our services, our user growth may be harmed, and our business and operating results could be adversely affected.

If we fail to effectively manage our technical operations infrastructure, our customers may experience service outages and delays in the deployment of our services, which may adversely affect our business.

We have experienced significant growth in the number of users and the amount of data that our operations infrastructure supports. We seek to maintain sufficient excess capacity in our operations infrastructure to meet our customers’ needs. We also seek to maintain excess capacity to facilitate the rapid provisioning of new customer deployments and the expansion of existing customer deployments. In addition, we need to properly manage our technological operations infrastructure in order to support version control, changes in hardware and software parameters and the evolution of our services. However, the provision of new hosting infrastructure requires significant lead-time. We have experienced, and may in the future experience, website disruptions, incidents of data corruption and loss, service outages and other performance problems. These problems may be caused by a variety of factors, including infrastructure changes, changes to our core services architecture, changes to our infrastructure necessitated by legal and compliance requirements governing the storage and transmission of data, human or software errors, viruses, security attacks, fraud, spikes in customer usage, primary and redundant hardware or connectivity failures, dependent data center and other service provider failures and denial of service issues. Additionally, our ability to properly manage our technical operations infrastructure depends on the reliability of the global supply chain for hardware, network, and platform infrastructure equipment. Significant and unforeseen disruptions to the supply chain may impede our ability to meet our infrastructure capacity requirements. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time, which may harm our reputation and operating results. Furthermore, if we encounter any of these problems in the future, our customers may lose access to important data or experience data corruption or service outages that may subject us to financial penalties, other liabilities and customer losses. If our operations infrastructure fails to keep pace with increased sales, customers may experience delays as we seek to obtain additional capacity, which could adversely affect our reputation and our business. Further, as we decommission on-premise infrastructure hosted in data centers, our sale of data center equipment could occur over a period longer than planned and result in lower than expected sale proceeds.

Interruptions or delays in service from our third-party cloud computing and hosting providers could impair the delivery of our services and harm our business.

We currently store and process our customers’ information in third-party cloud computing and hosting facilities inside and outside of the United States. As we have recently migrated our storage and processing operations to cloud computing and hosting facilities operated by third parties, our service has become more susceptible to interruptions or delays that are out of our direct control. These third parties are vulnerable to operational and technological disruptions, including from cyber-attacks and security breaches and incidents, which may negatively impact our ability to provide services to our customers and operate our business. Similarly, as part of our disaster recovery arrangements, our production environment and all of our customers’ data is typically replicated on third-party storage platforms located inside and outside of the United States. These facilities may be located in areas prone to natural disasters and may experience events such as earthquakes, floods, fires, power loss, telecommunications failures and similar events. They may also be subject to break-ins, sabotage, intentional acts of vandalism, cyber-attacks and similar misconduct, including by state-sponsored or otherwise well-funded actors. Any

29


 

damage to, or failure of, our systems generally, or those of the third-party cloud computing and hosting providers, could result in interruptions in our service, which may reduce our revenue, cause us to issue credits or pay penalties, cause customers to terminate their subscriptions and adversely affect our renewal rate and our ability to attract new customers. We may only have limited remedies against third-party providers in the event of any service disruptions. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. Our business will also be harmed if our customers and potential customers believe our service is unreliable. Despite precautions taken by these third-party providers, the occurrence of disasters, security issues (including an act of terrorism or an armed conflict), certain geopolitical events, labor or trade disputes, or pandemics, could lead to a decision to close the facilities without adequate notice or other unanticipated problems that result in lengthy interruptions in our service or cause us to not comply with certification requirements. Even with the disaster recovery arrangements, we have never performed a full live failover of our services and, in an actual disaster, we could learn our recovery arrangements are not sufficient to address all possible scenarios and our service could be interrupted for a longer period than expected. We have encountered issues in the past that have caused Box services to be temporarily unavailable that resulted in our issuing service credits to some of our customers, and we cannot assure you that we will not experience interruptions or delays in our service in the future. If third parties are unable to perform services for us because of service interruptions or extended outages, or because those services are no longer available on commercially reasonable terms, our expenses could increase and our customers’ use of our products could be impaired until equivalent services, if available, are identified, obtained and implemented, all of which could adversely affect our business.

Our services are becoming increasingly mission-critical for our customers and if these services fail to perform properly or if we are unable to scale our services to meet our customers’ needs, our reputation could be adversely affected, our market share could decline and we could be subject to liability claims.

Our services are becoming increasingly mission-critical to our customers’ business operations, as well as their ability to comply with legal requirements, regulations, and standards such as GxP, FINRA, HIPAA, FedRAMP and StateRAMP. These services and offerings are inherently complex and may contain material defects or errors that could cause interruptions in the availability of our services, as well as user error, which could result in loss or delayed market acceptance and sales, breach of contract or warranty claims, issuance of sales credits or refunds for prepaid amounts related to unused subscription services, loss of customers, diversion of development and customer service resources, and harm to our reputation. The costs incurred in correcting any material defects or errors might be substantial and could adversely affect our operating results. Further, our errors and omissions insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our insurance may not cover all claims made against us and defending a lawsuit, regardless of its merit, could be costly and divert management’s attention. Because of the large amount of data that we collect and manage, it is possible that hardware failures, software errors, errors in our systems, or by third-party service providers, user errors, or internet outages could result in significant data loss or corruption. Furthermore, the availability or performance of our services could be adversely affected by a number of factors, including customers’ inability to access the internet, the failure of our network or software systems, security breaches or variability in customer traffic for our services. We have been, and in the future may be, required to issue credits or refunds for prepaid amounts related to unused services or otherwise be liable to our customers for damages they may incur resulting from some of these events.

Furthermore, we will need to ensure that our services can scale to meet the needs of our customers, particularly as we continue to focus on larger enterprise customers. If we are not able to provide our services at the scale required by our customers, potential customers may not adopt our solution and existing customers may not renew their agreements with us.

We rely on third parties for certain financial and operational services essential to our ability to manage our business. A failure or disruption in these services could materially and adversely affect our ability to manage our business effectively.

We rely on third parties for certain essential financial and operational services. We receive many of these services on a subscription basis from various software-as-a-service companies that are smaller and have shorter operating histories than traditional software vendors. Moreover, these vendors provide their services to us via a cloud-based model instead of software that is installed on our premises. We depend upon these vendors to provide us with services that are always available and are free of errors or defects that could cause disruptions in our

30


 

business processes, and any failure by these vendors to do so, or any disruptions in networks or the availability of the internet, would adversely affect our ability to operate and manage our operations.

We employ third-party software for use in or with our services, and the inability to maintain licenses to this software, or errors in the software, could result in increased costs, or reduced service levels, which would adversely affect our business.

Our services incorporate certain third-party software obtained under open source licenses or licenses from other companies. We anticipate that we will continue to rely on such third-party software and development tools in the future. Although we believe that there are commercially reasonable alternatives to the third-party software we currently license, this may not always be the case, or it may be difficult or costly to replace. In addition, integration of the software used in our services with new third-party software may require significant work and require substantial investment of our time and resources. Also, to the extent that our services depend upon the successful operation of third-party software in conjunction with our software, any undetected errors or defects in this third-party software could prevent the deployment or impair the functionality of our services, delay the introduction of new services, result in a failure of our services, and injure our reputation. Our use of additional or alternative third-party software would require us to enter into additional license agreements with third parties. If we are unable to maintain licenses to software necessary to operate our business, or if third-party software that we use contains errors or defects, our costs may increase, or the services we provide may be harmed, which would adversely affect our business.

Our growth depends in part on the success of our strategic relationships with third parties.

In order to grow our business, we anticipate that we will continue to depend on our relationships with third parties, such as alliance partners, resellers, distributors, system integrators and developers. For example, we have entered into agreements with partners such as Adobe, Apple, Cisco, Cloudflare, Google, IBM, Macnica Networks, Microsoft, Mitsui Knowledge Industry, Okta, Oracle-Netsuite, Palo Alto Networks, Salesforce, ServiceNow, Slack, USDM and Zoom to market, resell, integrate with or endorse our services. Identifying partners and resellers, and negotiating and documenting relationships with them, requires significant time and resources.

We also depend on our ecosystem of system integrators, partners and developers to create applications that will integrate with our platform or permit us to integrate with their product offerings. This presents certain risks to our business, including:

we cannot provide any assurance that these third-party applications and products meet the same quality standards that we apply to our own development efforts, and to the extent that they contain bugs or defects or otherwise fail to perform as expected, they may create disruptions in our customers’ use of our services or negatively affect our brand and reputation;
we do not currently provide support for software applications developed by our partner ecosystem, and users may be left without support and potentially cease using our services if these system integrators and developers do not provide adequate support for their applications;
we cannot provide any assurance that we will be able to successfully integrate our services with our partners’ products or that our partners will continue to provide us the right to do so; and
these system integrators, partners and developers may not possess the appropriate intellectual property rights to develop and share their applications.

In addition, our competitors may be effective in providing incentives to third parties to favor their products or services, or to prevent or reduce subscriptions to our services. In some cases, we also compete directly with our partners’ product offerings, and if these partners stop reselling or endorsing our services or impede our ability to integrate our services with their products, our business and operating results could be adversely affected. Moreover, competitor acquisitions of our partners could result in a decrease in the number of current and potential customers, as our partners may no longer facilitate the adoption of our services by potential customers.

If we are unsuccessful in establishing or maintaining our relationships with third parties, or realizing the anticipated benefits from such partnerships, our ability to compete in the marketplace or to grow our revenue could

31


 

be impaired and our operating results may suffer. Even if we are successful, we cannot assure you that these relationships will result in increased customer usage of our services or increased revenue.

Our business is subject to the risks of natural disasters, pandemics and other catastrophic events that could disrupt our business operations and our business continuity and disaster recovery plans may not adequately protect us from a serious disaster.

The occurrence of any catastrophic event, including a pandemic, earthquake, fire, flood, tsunami, or other weather event, power loss, telecommunications failure, software or hardware malfunctions, cyber-attack, war, or terrorist attack, could result in lengthy interruptions in our service. Our corporate headquarters is located in the San Francisco Bay Area, a region known for seismic activity. Our insurance coverage may not compensate us for losses that may occur in the event of an earthquake or other significant natural disaster. In addition, pandemics, acts of terrorism or war could cause disruptions to the internet or the economy as a whole, which could have a significant impact on our business and operating results. If our or our partners’ business continuity and disaster recovery arrangements prove to be inadequate, our services could be interrupted. Our partners, suppliers, and customers are also subject to the risk of catastrophic events. In those events, our ability to deliver our services in a timely manner, as well as the demand for our services, may be adversely impacted by factors outside our control. If our systems were to fail or be negatively impacted as a result of a natural disaster, pandemic or other catastrophic event, our ability to deliver our services to our customers would be impaired, we could lose critical data, our reputation could suffer and we could be subject to contractual penalties.

In addition, while the long-term effects of climate change on the global economy and the technology industry in particular are unclear, we recognize that there are inherent climate related risks wherever business is conducted. Any of our primary locations may be vulnerable to the adverse effects of climate change. For example, our California corporate offices have historically experienced, and are projected to continue to experience, physical climate change risks, including drought and water scarcity, warmer temperatures, rising sea levels, wildfires and air quality impacts and power shut-offs associated with wildfire prevention. Climate-related events, including the increasing frequency of extreme weather events and their impact on critical infrastructure in the United States and elsewhere, have the potential to disrupt our business, our third-party suppliers, and/or the business of our customers, and may cause us to experience higher attrition, losses and additional costs to maintain and resume operations. Transitional climate change risks may subject us to increased regulations, reporting requirements, standards, or expectations regarding the environmental impacts of our business and untimely or inaccurate disclosure could adversely affect our reputation, business or financial performance.

If we overestimate or underestimate our cloud-based server capacity requirements, our operating results could be adversely affected.

We continuously evaluate our short- and long-term cloud-based server capacity requirements to ensure adequate capacity for new and existing customers while minimizing unnecessary excess capacity costs. If we overestimate the demand for our cloud content management services and therefore secure excess cloud-based server capacity, our operating margins could be reduced. If we underestimate our cloud-based server capacity requirements or if we are unable to meet our contractual minimum commitments, we may not be able to service the expanding needs of customers and may be required to limit new customer acquisition or provide credits or refunds to existing customers, which would impair our revenue growth and harm our operating results. We outsource a substantial majority of our cloud hosting to Google Cloud Platform (GCP), which hosts our products and platform. To the extent we do not effectively address capacity constraints, either through GCP or alternative providers of cloud hosting, or other risks are realized that may result in interruptions, delays and outages in service and availability of our products and/or services, our business and operating results may be adversely affected. Furthermore, regardless of our ability to appropriately manage our cloud-based server capacity requirements, only a small percentage of our customers currently use Box to organize all of their internal files, and an increase in the number of organizations, in particular large businesses and enterprises, that use our service as a larger component of their content storage requirements, could result in lower gross and operating margins or otherwise have an adverse impact on our financial condition and operating results.

32


 

Changes in laws and regulations related to the internet or changes in the internet infrastructure itself, or disruption in access to the internet or critical services on which the internet depends, may diminish the demand for our services, and could have a negative impact on our business.

The future success of our business depends upon the continued use and availability of the internet as a primary medium for commerce, communication and business services. Federal, state or foreign government bodies or agencies have in the past adopted, and may in the future adopt, laws or regulations affecting the use of the internet as a commercial medium. The adoption of any laws or regulations that adversely affect the growth, popularity or use of the internet, including laws or practices limiting internet neutrality, could decrease the demand for, or the usage of, our services, increase our cost of doing business, adversely affect our operating results, and require us to modify our services in order to comply with these changes. In addition, government agencies or private organizations may begin to impose taxes, fees or other charges for accessing the internet or commerce conducted via the internet. These laws or charges could limit the growth of internet-related commerce or communications generally, or result in reductions in the demand for internet-based services such as ours.

In addition, the use of the internet and, in particular, the cloud as a business tool could be adversely affected due to delays in the development or adoption of new standards and protocols to handle increased demands of internet activity, security, reliability, cost, ease of use, accessibility, and quality of service. The performance of the internet and its acceptance as a business tool have been adversely affected by “viruses,” “worms,” “denial of service attacks” and similar malicious activity. The internet has also experienced a variety of outages, disruptions and other delays as a result of this malicious activity targeted at critical internet infrastructure. These service disruptions could diminish the overall attractiveness to existing and potential customers of services that depend on the internet and could cause demand for our services to suffer.

Risks Related to Employees and Managing Our Growth

We depend on our key employees and other highly skilled personnel to grow and operate our business, and if we are unable to hire, retain and motivate our personnel, we may not be able to grow effectively.

Our future success depends upon our continued ability to identify, hire, develop, motivate and retain highly skilled personnel, representing diverse backgrounds, experiences, and skill sets, including senior management, engineers, designers, product managers, sales representatives, and customer support representatives. Identifying, recruiting, training and integrating qualified individuals will require significant time, expense and attention. In addition to hiring new employees, we must continue to focus on retaining our best employees, and fostering a diverse and inclusive work environment that enables all of our employees to prosper. Competition for highly skilled personnel is intense, particularly in the San Francisco Bay Area, where our headquarters is located. We may need to invest significant amounts of cash and equity to attract new employees and retain existing employees, and we may never realize returns on these investments. Moreover, our ability to attract and hire personnel may be materially adversely affected by changes to immigration laws or the availability of work visas. Furthermore, as some of our employees work remotely from geographic areas across the globe and more of our employees work remotely on a permanent basis, we may need to reallocate our investment of resources and closely monitor a variety of local regulations and requirements, and we may experience unpredictability in our expenses and employee work culture. If we are not able to effectively add and retain employees, or if our employees do not perform to the standards we expect of them, our ability to achieve our strategic objectives will be adversely impacted, and our business will be harmed.

Our success is also dependent upon contributions from our executive officers and other key employees and, in particular, Aaron Levie, our co-founder and Chief Executive Officer. In addition, occasionally, there may be changes in our senior management team that could disrupt our business. For example, in November 2023, Olivia Nottebohm joined us as our Chief Operating Officer. The loss of one or more of our executive officers or key employees, or the failure of our senior management team to work together effectively and execute our plans and strategies, could harm our business.

33


 

Failure to adequately expand and optimize our direct sales force and successfully maintain our online sales experience could impede our growth.

We will need to continue to optimize our sales infrastructure in order to grow our customer base and business. As a result of weakened economic conditions, we have significantly curtailed our employees’ business-related travel, which may negatively impact our ability to recruit and train our sales force. Our business may be adversely affected if our efforts to expand and train our direct sales force do not generate a corresponding increase in revenue. If we are unable to hire, develop and retain talented sales personnel or if new direct sales personnel are unable to achieve desired productivity levels in a reasonable period of time, we may not realize the intended benefits of this investment or increase our revenue.

We maintain our Box website to efficiently service our high volume, low dollar customer transactions and certain customer inquiries. Our goal is to continue to evolve this online experience so it effectively serves the increasing and changing needs of our growing customer base. If we are unable to maintain an effective online solution to meet the future needs of our online customers and to eliminate fraudulent transactions occurring in this channel, we could see reduced online sales volumes as well as a decrease in our sales efficiency, which could adversely affect our results of operations.

Any acquisitions and investments we make could disrupt our business and harm our financial condition and operating results.

We have acquired, and may in the future acquire, other companies, employee teams, or technologies to complement or expand our services and grow our business. For example, in December 2023, we acquired Crooze Corporation, a provider of no-code enterprise content management applications built on the Box platform. We may not be able to successfully complete or integrate identified acquisitions. Moreover, we may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition. The risks we face in connection with acquisitions include:

diversion of management time and focus from operating our business to addressing acquisition integration challenges;
coordination of research and development and sales and marketing functions;
retention of key employees from the acquired company;
cultural challenges associated with integrating employees from the acquired company into our organization;
integration of the acquired company’s technology and products into our business, particularly if the acquired company’s software and services are not easily adapted to work with our products;
integration of the acquired company’s accounting, management information, human resources and other administrative systems, as well as the acquired operations, and any unanticipated expenses related to such integration;
the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked effective controls, procedures and policies;
liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;
completing the transaction and achieving the anticipated benefits of the acquisition within the expected timeframe or at all;
unanticipated write-offs, expenses, charges or risks associated with the transaction;
litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties, which may differ from or be more significant than the risks our business faces; and
acquisitions could result in dilutive issuances of equity securities or the incurrence of debt.

34


 

Our failure to address these risks or other problems encountered in connection with our past or future acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally. Future acquisitions could also result in dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, amortization expenses, incremental operating expenses or the write-off of goodwill, any of which could harm our financial condition or operating results.

Our company culture has contributed to our success, and if we cannot maintain this culture, we could lose the innovation, creativity and teamwork fostered by our culture, and our business may be harmed.

We believe that our culture has been and will continue to be a key contributor to our success. We expect to continue to hire additional employees as we expand our business. As our organization expands globally and as employees’ workplace expectations develop, we may find it increasingly difficult to maintain the beneficial aspects of our corporate culture globally. These difficulties may be further amplified by our decision to maintain a hybrid workforce. If we do not continue to develop our company culture or maintain our core values as we grow and evolve both in the United States and abroad, we may be unable to foster the innovation, creativity and teamwork we believe we need to support our growth.

Risks Related to Our Intellectual Property

We may be sued by third parties for alleged infringement of their proprietary rights.

There is considerable patent and other intellectual property development activity in our industry. Our success depends on developing or licensing our own intellectual property and not infringing upon the valid intellectual property rights of others. Our competitors, as well as a number of other entities, including non-practicing entities, and individuals, may own or claim to own intellectual property relating to our industry.

From time to time, third parties have claimed, and in the future may claim, that we are infringing upon their intellectual property rights, and we may be found to be infringing upon such rights. We may be unaware of the intellectual property rights that others may claim cover some or all of our technology or services. Additionally, the intellectual property rights surrounding AI technologies have not been fully addressed by U.S. courts or other federal or state laws or regulations, and the use or adoption of AI technologies in our products and services may expose us to copyright infringement or other intellectual property misappropriation claims. Any claims or litigation could cause us to incur significant expenses and, if successfully asserted against us, could require that we pay substantial damages or ongoing royalty payments, prevent us from offering our services, or require that we comply with other unfavorable terms. We may also be obligated to indemnify our customers or business partners or pay substantial settlement costs, including royalty payments, in connection with any such claim or litigation and to obtain licenses, modify services, or refund fees, which could be costly. Even if we were to prevail in such a dispute, any litigation regarding our intellectual property could be costly and time consuming and divert the attention of our management and key personnel from our business operations. During the course of any litigation, we may make announcements regarding the results of hearings and motions, and other interim developments. If securities analysts or investors regard these announcements as negative, the market price of our Class A common stock may decline.

Any failure to protect our intellectual property rights could impair our ability to protect our proprietary technology and brand.

Our success and ability to compete depend in part on our intellectual property. We primarily rely on copyright, patent, trade secret and trademark laws, trade secret protection and confidentiality or license agreements with our employees, customers, partners and others to protect our intellectual property rights. However, the steps we take to protect our intellectual property rights may be inadequate. We may not be able to obtain any further patents, and our pending applications may not lead to the issuance of patents. We may also have to expend significant resources to obtain additional patents as we expand our international operations.

35


 

In order to protect our intellectual property rights, we may spend significant resources to monitor and protect these rights. Litigation brought to protect and enforce our intellectual property rights could be costly, time-consuming and distracting to management and may result in the impairment or loss of portions of our intellectual property. Furthermore, our efforts to enforce our intellectual property rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property rights. Accordingly, we may not be able to prevent third parties from infringing upon or misappropriating our intellectual property. Our failure to secure, protect and enforce our intellectual property rights could materially adversely affect our brand and adversely impact our business.

Our services contain open source software, and we license some of our software through open source projects, which may pose particular risks to our proprietary software, products, and services in a manner that could have a negative impact on our business.

We use open source software in our services and will use open source software in the future. In addition, we regularly contribute software source code to open source projects under open source licenses or release internal software projects under open source licenses, and anticipate doing so in the future. The terms of many open source licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to provide or distribute our services. Additionally, from time to time third parties may claim ownership of, or demand release of, the open source software or derivative works that we developed using such software, which could include our proprietary source code, or otherwise seek to enforce the terms of the applicable open source license. These claims could result in litigation and could require us to make our software source code freely available, purchase a costly license or cease offering the implicated services unless and until we can re-engineer them to avoid infringement. This re-engineering process could require significant additional research and development resources, and we may not be able to complete it successfully. In addition to risks related to license requirements, use of certain open source software can lead to greater risks than use of third-party commercial software, as open source code may contain bugs or other defects and open source licensors generally do not provide warranties or controls on the functionality or origin of software. Additionally, because any software source code we contribute to open source projects is publicly available, our ability to protect our intellectual property rights with respect to such software source code may be limited or lost entirely, and we cannot prevent our competitors or others from using such contributed software source code. Any of these risks could be difficult to eliminate or manage and could have a negative effect on our business, financial condition and operating results.

Risks Related to Our Financial Position and Need for Additional Capital

We may require additional capital to support our liabilities, operations or the growth of our business, and we cannot be certain that this capital will be available on reasonable terms when required, or at all.

On occasion, we may need additional financing for a variety of reasons, including servicing our liabilities, operating or growing our business, responding to business opportunities, undertaking acquisitions, funding stock repurchases, satisfying our dividend or share redemption obligations of our Series A Convertible Preferred Stock, or repaying our 0.00% convertible senior notes due January 15, 2026 (the “Convertible Notes”).

For example, in January 2021, we issued $345.0 million aggregate principal amount of Convertible Notes, which we have irrevocably elected to settle in cash upon maturity. Additionally, in May 2021, we issued and sold 500,000 shares of our Series A Convertible Preferred Stock for an aggregate purchase price of $500 million. Our ability to refinance or obtain additional financing, if and when required, will depend on investor and lender demand, our operating performance, the condition of the capital markets and other factors. We cannot guarantee that additional financing will be available to us on favorable terms when required, or at all. If we raise additional funds through the issuance of equity, equity-linked or debt securities, those securities may have rights, preferences or privileges senior to the rights of our Class A common stock, and our existing stockholders may experience dilution. If we are unable to obtain adequate financing or financing on terms satisfactory to us when we require it, our ability to continue to support the operation or growth of our business could be significantly impaired and our operating results may be harmed. Rising interest rates may reduce our access to equity-linked or debt capital and increase our cost of borrowings, which could adversely impact our business, operating results and financial position.

36


 

Financing agreements we are party to or may become party to may contain operating and financial covenants that restrict our business and financing activities.

Our senior credit facility contains certain operating and financial restrictions and covenants that may restrict our and our subsidiaries’ ability to, among other things, incur indebtedness, grant liens on our assets, make loans or investments, consummate certain merger and consolidation transactions, dispose of assets, incur contractual obligations and commitments and enter into affiliate transactions, subject in each case to customary exceptions. We are also required to comply with a maximum senior secured leverage ratio, a maximum total leverage ratio and a minimum interest coverage ratio. These restrictions and covenants, as well as those contained in any future financing agreements that we may enter into, may restrict our ability to finance our operations, engage in, expand or otherwise pursue our business activities and strategies. Our ability to comply with these covenants may be affected by events beyond our control, and breaches of these covenants could result in a default under the senior credit facility and any future financial agreements that we may enter into and under other arrangements containing cross-default provisions. If not waived, defaults could cause our outstanding indebtedness under our senior credit facility and any future financing agreements that we may enter into to become immediately due and payable, and permit our lenders to terminate their lending commitments and to foreclose upon any collateral securing such indebtedness.

Risks Related to Financial, Accounting, Tax and Other Legal Matters

If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, the Sarbanes-Oxley Act and the listing standards of the New York Stock Exchange (NYSE). We have expended, and anticipate that we will continue to expend, significant resources to comply with these rules and regulations.

The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures, and internal control over financial reporting. Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business, including increased complexity resulting from our international expansion. Further, weaknesses in our disclosure controls or our internal control over financial reporting may be discovered in the future. Additionally, to the extent that we acquire other businesses, the acquired company may not have a sufficiently robust system of internal controls and we may uncover new deficiencies. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Any failure to implement and maintain effective internal control over financial reporting could also adversely affect the results of management reports and independent registered public accounting firm audits of our internal control over financial reporting that we are required to include in our periodic reports that we file with the SEC. Ineffective disclosure controls and procedures, and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the market price of our Class A common stock. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on the NYSE.

Any failure to maintain effective disclosure controls and internal control over financial reporting could have a material and adverse effect on our business and operating results, and cause a decline in the market price of our Class A common stock.

Our reported financial results may be adversely affected by changes in accounting principles generally accepted in the United States.

Generally accepted accounting principles in the United States are subject to interpretation by the Financial Accounting Standards Board (FASB), the SEC and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change. These or other changes in accounting principles could adversely affect our financial results. Any difficulties in

37


 

implementing these pronouncements could cause us to fail to meet our financial reporting obligations, which could result in regulatory discipline and harm investors’ confidence in us.

Tax laws or regulations could be enacted or changed and existing tax laws or regulations could be applied to us or to our customers in a manner that could increase the costs of our services and adversely impact our business.

The application of federal, state, local and international tax laws to services provided electronically is complex and continuously evolving. Income, sales, use, value added or other tax laws, statutes, rules, regulations or ordinances could be enacted or amended at any time, possibly with retroactive effect, and could be applied solely or disproportionately to services provided over the internet. These enactments or amendments could adversely affect our sales activity due to the inherent cost increase the taxes would represent and ultimately result in a negative impact on our operating results and cash flows.

Our future effective tax rates and results from operations could be unfavorably affected by changes in the tax rates in jurisdictions where our income is earned, by changes to limitations on our utilization of net operating losses, or by changes in the tax rules and regulations in the jurisdictions in which we do business. For example, the Tax Cuts and Jobs Act of 2017 eliminated the option to deduct research and development expenditures currently and instead required taxpayers to capitalize and amortize them over five or fifteen years beginning in our fiscal year 2023. The Inflation Reduction Act of 2022 also imposed a 1% excise tax on certain repurchases of stock and a 15% alternative minimum tax on adjusted financial statement income.

Further, in 2021, the Organization for Economic Cooperation and Development (OECD) introduced a framework, referred to as Pillar Two, which contemplates a global minimum effective tax rate of 15%. In December 31, 2023, Pillar Two was implemented by the Council of the European Union and its member states. Similar directives under Pillar Two are already adopted or expected to be adopted by taxing authorities in other countries where we do business, including the UK. The OECD continues to release more guidance on these rules and framework and we are evaluating the impact to our financial position. These enactments or amendments could adversely affect our tax rate and ultimately result in a negative impact on our operating results and cash flows.

In addition, existing tax laws, statutes, rules, regulations or ordinances could be interpreted or applied adversely to us, possibly with retroactive effect, which could require us or our customers to pay additional tax amounts, as well as require us or our customers to pay fines or penalties, as well as interest for past amounts. For example, we are subject to examination regarding our interpretation of tax laws by domestic and foreign tax authorities. If the taxing authorities do not agree with our interpretations, or if we become subject to an adverse tax assessment, we may incur significant liabilities and/or be required to change our practices going forward. Further, to the extent it is determined that our customers should have paid certain taxes, and if we are unsuccessful in collecting such taxes due from our customers, we could be held liable for such costs and/or interest and penalties, thereby adversely impacting our operating results and cash flows.

We may be subject to additional tax liabilities resulting from changes in our provision for income taxes or an adverse tax ruling.

Judgment is required in determining our worldwide provision for income taxes. These determinations are highly complex and require detailed analysis of the available information and applicable statutes and regulatory materials. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. Although we believe our tax estimates are reasonable, the final determination of tax audits and any related litigation could be materially different from our historical tax practices, provisions and accruals. If we receive an adverse ruling as a result of an audit, or we unilaterally determine that we have misinterpreted provisions of the tax regulations to which we are subject, there could be a material effect on our tax provision, net loss or cash flows in the period or periods for which that determination is made. In addition, liabilities associated with taxes are often subject to an extended or indefinite statute of limitations period. Therefore, we may be subject to additional tax liability (including penalties and interest) for a particular year for extended periods of time.

38


 

Our ability to use our net operating loss carryforwards and certain other tax attributes may be limited.

As of January 31, 2024, we had U.S. federal net operating loss carryforwards of approximately $400.9 million, state net operating loss carryforwards of approximately $520.7 million, and foreign net operating loss carryforwards of approximately $298.1 million. Under Sections 382 and 383 of the Internal Revenue Code of 1986, as amended (the “Code”), if a corporation undergoes an “ownership change,” the corporation’s ability to use its pre-change net operating loss carryforwards and other pre-change tax attributes, such as research tax credits, to offset its post-change income and taxes may be limited. In general, an “ownership change” occurs if there is a cumulative change in our ownership by “5% shareholders” that exceeds 50 percentage points over a rolling three-year period. Similar rules may apply under state tax laws. If we experience ownership changes as a result of future transactions in our stock, then we may be further limited in our ability to use our net operating loss carryforwards and other tax assets to reduce taxes owed on the net taxable income that we earn. Any such limitations on the ability to use our net operating loss carryforwards and other tax assets could adversely impact our business, financial condition and operating results.

We are subject to governmental export controls that could impair our ability to compete in international markets due to licensing requirements and economic sanctions programs that subject us to liability if we are not in full compliance with applicable laws.

Certain of our services are subject to export controls, including the U.S. Department of Commerce’s Export Administration Regulations and various economic and trade sanction regulations administered by the U.S. Treasury Department’s Office of Foreign Assets Controls. The provision of our products and services must comply with these laws. The U.S. export control laws and U.S. economic sanctions laws include prohibitions on the sale or supply of certain products and services to U.S. embargoed or sanctioned countries, governments, persons and entities and also require authorization for the export of encryption items. In addition, various countries regulate the import of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our services or could limit our customers’ ability to implement our services in those countries.

Although we take precautions to prevent our services from being provided in violation of such laws, our solutions may have been in the past, and could in the future be, provided inadvertently in violation of such laws, despite the precautions we take. If we fail to comply with these laws, we and our employees could be subject to civil or criminal penalties, including the possible loss of export privileges, monetary penalties, and, in extreme cases, imprisonment of responsible employees for knowing and willful violations of these laws. We may also be adversely affected through penalties, reputational harm, loss of access to certain markets, or otherwise.

Changes in tariffs, sanctions, international treaties, export/import laws and other trade restrictions or trade disputes may delay the introduction and sale of our services in international markets, prevent our customers with international operations from deploying our services or, in some cases, prevent the export or import of our services to certain countries, governments, persons or entities altogether. Any change in export or import regulations, economic sanctions or related laws, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our services, or in our decreased ability to export or sell our services to existing or potential customers with international operations. Any decrease in the use of our services or limitation on our ability to export or sell our services would likely adversely affect our business, financial condition and operating results.

Failure to comply with anti-bribery, anti-corruption, and anti-money laundering laws could subject us to penalties and other adverse consequences.

We are subject to the Foreign Corrupt Practices Act (FCPA), the U.K. Bribery Act and other anti-corruption, anti-bribery and anti-money laundering laws in various jurisdictions both domestic and abroad. In addition to our own sales force, we also leverage third parties to sell our products and services and conduct our business abroad. We and our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities and may be held liable for the corrupt or other illegal activities of these third-party business partners and intermediaries, our employees, representatives, contractors, channel partners, and agents, even if we do not explicitly authorize such activities. While we have policies and

39


 

procedures to address compliance with such laws, we cannot assure you that our employees and agents will not take actions in violation of our policies or applicable law, for which we may be ultimately held responsible. Any violation of the FCPA or other applicable anti-bribery, anti-corruption, and anti-money laundering laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, severe criminal or civil sanctions, or suspension or debarment from U.S. government contracts, all of which may have an adverse effect on our reputation, business, operating results and prospects.

Risks Related to Ownership of Our Class A Common Stock

Anti-takeover provisions contained in our amended and restated certificate of incorporation and amended and restated bylaws, as well as provisions of Delaware law, could impair a takeover attempt.

Our amended and restated certificate of incorporation, amended and restated bylaws and Delaware law contain provisions which could have the effect of rendering more difficult, delaying or preventing an acquisition deemed undesirable by our Board of Directors. Among other things, our amended and restated certificate of incorporation and amended and restated bylaws include provisions:

authorizing a classified board of directors whose members serve staggered three-year terms;
authorizing “blank check” preferred stock, which could be issued by our Board of Directors without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our Class A common stock;
limiting the liability of, and providing indemnification to, our directors and officers;
limiting the ability of our stockholders to call and bring business before special meetings;
requiring advance notice of stockholder proposals for business to be conducted at meetings of our stockholders and for nominations of candidates for election to our Board of Directors; and
controlling the procedures for the conduct and scheduling of board directors and stockholder meetings.

These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

As a Delaware corporation, we are also subject to provisions of Delaware law, including Section 203 of the Delaware General Corporation Law, which prevents certain stockholders holding more than 15% of the voting power of our outstanding capital stock from engaging in certain business combinations without approval of the holders of at least two-thirds of the voting power of our outstanding capital stock not held by such stockholder.

Any provision of our amended and restated certificate of incorporation, amended and restated bylaws or Delaware law that has the effect of delaying, preventing or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our capital stock, and could also affect the price that some investors are willing to pay for our Class A common stock.

Our bylaws designate a state or federal court located within the State of Delaware as the exclusive forum for substantially all disputes between us and our stockholders and also provide that the federal district courts will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act of 1933, as amended, each of which could limit our stockholders’ ability to choose the judicial forum for disputes with us or our directors, officers, stockholders or employees.

Our bylaws provide that, unless we consent in writing to the selection of an alternative forum, the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, stockholders, officers or other employees to us or our stockholders, (3) any action arising pursuant to any provision of the Delaware General Corporation Law, our certificate of incorporation or our bylaws or (4) any other action asserting a claim that is governed by the internal affairs doctrine shall be the Court of Chancery of the State of Delaware (or, if the Court of Chancery does not have jurisdiction, another State court in Delaware or the federal district court for the District of Delaware), except for any claim as to which such court determines that there is an indispensable party not subject to the jurisdiction of such

40


 

court (and the indispensable party does not consent to the personal jurisdiction of such court within ten days following such determination), which is vested in the exclusive jurisdiction of a court or forum other than such court or for which such court does not have subject matter jurisdiction. This provision would not apply to any action brought to enforce a duty or liability created by the Securities Exchange Act of 1934, as amended, and the rules and regulations thereunder.

Section 22 of the Securities Act of 1933 establishes concurrent jurisdiction for federal and state courts over Securities Act claims. Accordingly, both state and federal courts have jurisdiction to hear such claims. To prevent having to litigate claims in multiple jurisdictions and the threat of inconsistent or contrary rulings by different courts, among other considerations, our bylaws also provide that, unless we consent in writing to the selection of an alternative forum, the federal district courts of the United States will be the sole and exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act against any person in connection with an offering of our securities.

Any person or entity purchasing or otherwise acquiring or holding or owning (or continuing to hold or own) any interest in any of our securities shall be deemed to have notice of and consented to the foregoing bylaw provisions. Although we believe these exclusive forum provisions benefit us by providing increased consistency in the application of Delaware law and federal securities laws in the types of lawsuits to which each applies, the exclusive forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or our current or former directors, officers, stockholders or other employees, which may discourage such lawsuits against us and our current and former directors, officers, stockholders and other employees. Our stockholders will not be deemed to have waived our compliance with the federal securities laws and the rules and regulations thereunder as a result of our exclusive forum provisions.

Further, the enforceability of similar exclusive forum provisions in other companies’ organizational documents have been challenged in legal proceedings, and it is possible that a court of law could rule that these types of provisions are inapplicable or unenforceable if they are challenged in a proceeding or otherwise. If a court were to find either exclusive forum provision contained in our bylaws to be inapplicable or unenforceable in an action, we may incur significant additional costs associated with resolving such action in other jurisdictions, all of which could harm our results of operations.

We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value.

We repurchase shares of our Class A common stock in open market transactions from time to time pursuant to publicly announced stock repurchase program approved by our Board of Directors. During fiscal year 2024, we repurchased 6.6 million shares for a total amount of $177.0 million and during fiscal year 2023, we repurchased 10.2 million shares for a total amount of $266.7 million. Any share repurchases remain subject to the circumstances in place at that time, including prevailing market prices, and we are not obligated to repurchase a specified number or dollar value of shares. As a result, there can be no guarantee around the timing or volume of our share repurchases. In addition, as part of the Inflation Reduction Act signed into law in August 2022, the United States implemented a 1% excise tax on the value of certain stock repurchases by publicly traded companies. This tax could increase the costs to us of any share repurchases. The stock repurchase program could affect the price of our Class A common stock, increase volatility and diminish our cash reserves. Our repurchase program may be suspended or terminated at any time and, even if fully implemented, may not enhance long-term stockholder value.

The market price of our Class A common stock has been and may continue to be volatile, and you could lose all or part of your investment.

The market price of our Class A common stock has been and may continue to be subject to wide fluctuations in response to various factors, some of which are beyond our control and may not be related to our operating performance. In addition to the factors discussed in this “Risk Factors” section and elsewhere in this Annual Report on Form 10-K, factors that could cause fluctuations in the market price of our Class A common stock include the following:

price and volume fluctuations in the overall stock market from time to time;

41


 

volatility in the market prices and trading volumes of technology or other public company stocks;
changes in operating performance and stock market valuations of other technology companies generally or those in our industry in particular;
general economic conditions and slow or negative growth of our markets;
purchases and sales of shares of our Class A common stock by us or our stockholders;
whether our results of operations meet the expectations of securities analysts or investors and changes in actual or future expectations of investors or securities analysts;
the financial projections we may provide to the public, any changes in those projections or our failure to meet those projections;
announcements by us or our competitors of new products or services;
the public’s reaction to our press releases, other public announcements and filings with the SEC;
rumors and market speculation involving us or other companies in our industry;
actual or anticipated changes in our operating results or fluctuations in our operating results;
actual or anticipated developments in our business, our competitors’ businesses or the competitive landscape generally;
litigation involving us, our industry or both, or investigations by regulators into our operations or those of our competitors;
developments or disputes concerning our intellectual property or other proprietary rights;
announced or completed acquisitions of businesses or technologies by us or our competitors;
new laws or regulations or new interpretations of existing laws or regulations applicable to our business;
network or service outages, internet disruptions, the availability of our service, security breaches or perceived security breaches and vulnerabilities;
changes in accounting standards, policies, guidelines, interpretations or principles;
actions instituted by activist shareholders or others, and our response to such actions;
any significant change in our management;
fluctuations in foreign currency exchange rates; and
catastrophic events, including pandemics, earthquakes, fires, floods, tsunamis or other weather events, power loss, telecommunications failures, software or hardware malfunctions, cyber-attacks, wars, or terrorist attacks.

In addition, in the past, following periods of volatility in the overall market and the market price of a particular company’s securities, securities class action litigation has often been instituted against these companies. Any future securities litigation could result in substantial costs and a diversion of our management’s attention and resources.

 

Servicing our existing and future debt may require a significant amount of cash, and we may not have sufficient cash flow from our business to settle conversions of our Convertible Notes in cash, repay the Convertible Notes at maturity, or repurchase the Convertible Notes as required following a fundamental change.

In January 2021, we issued $345.0 million aggregate principal amount of Convertible Notes. Prior to October 15, 2025, the Convertible Notes are convertible at the option of the holders only under certain conditions or upon occurrence of certain events as described in Note 9, Part II, Item 8 of our Annual Report on Form 10-K. We have made an irrevocable election to settle the principal of the Convertible Notes in cash upon any conversion of the Convertible Notes. As a result, if holders of the Convertible Notes elect to convert their Convertible Notes, we will be required to make cash payments in respect of the Convertible Notes being converted. Holders of the Convertible

42


 

Notes also have the right to require us to repurchase all or a portion of their Convertible Notes upon the occurrence of a fundamental change (as defined in the indenture governing the Convertible Notes) at a repurchase price equal to 100% of the principal amount of the Convertible Notes to be repurchased, plus accrued and unpaid special interest, if any. If the Convertible Notes have not previously been converted or repurchased, we will be required to repay the outstanding principal amount of the Convertible Notes, plus accrued and unpaid special interest, if any, in cash at maturity. The Convertible Notes are scheduled to mature on January 15, 2026.

Our ability to make required cash payments in connection with conversions of the Convertible Notes, repurchase the Convertible Notes in the event of a fundamental change, or to repay or refinance the Convertible Notes at maturity will depend on market conditions and our past and expected future performance, which is subject to economic, financial, competitive, and other factors beyond our control. We also may not use the cash proceeds we raised through the issuance of the Convertible Notes in an optimally productive and profitable manner. Since inception, our business has generated net losses, and while we were profitable in fiscal year 2024, we may continue to incur significant losses in the future. As a result, we may not have enough available cash or be able to obtain financing, or financing at acceptable terms, at the time we are required to repurchase or repay the Convertible Notes or pay cash with respect to Convertible Notes being converted.

In addition, our ability to repurchase or pay cash upon conversion or at maturity of the Convertible Notes may be limited by law or regulatory authority. Our failure to repurchase Convertible Notes following a fundamental change or to pay cash upon conversion or at maturity of the Convertible Notes as required by the indenture would constitute a default under such indenture. A default under the indenture or the fundamental change itself could also lead to a default under our senior credit facility, our other outstanding indebtedness, or agreements governing our future indebtedness and could have a material adverse effect on our business, results of operations, and financial condition. If the payment of the related indebtedness were to be accelerated after any applicable notice or grace periods, we may not have sufficient funds to repay the indebtedness and repurchase the Convertible Notes or to pay cash upon conversion or at maturity of the Convertible Notes.

Furthermore, if any of the conditions to the convertibility of the Convertible Notes are satisfied, then we may be required under applicable accounting standards to reclassify the carrying value of the Convertible Notes to current, rather than long-term. This reclassification could materially reduce our reported working capital.

The capped call transactions we entered into in connection with the issuance of the Convertible Notes may affect the value of our Class A common stock.

In connection with the issuance of the Convertible Notes, we entered into capped call transactions with various counterparties (the “Capped Calls”). The Capped Calls cover, subject to customary adjustments, the number of shares of our Class A common stock initially underlying the Convertible Notes. The Capped Calls are expected generally to reduce or offset the potential dilution to our Class A common stock upon any conversion of the Convertible Notes with such reduction or offset, as the case may be, subject to a cap based on the cap price.

From time to time, the counterparties to the Capped Calls or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our Class A common stock and/or purchasing or selling our Class A common stock or other securities of ours in secondary market transactions prior to the maturity of the Convertible Notes. This activity could also cause or prevent an increase or a decrease in the market price of our Class A common stock or the Convertible Notes.

We are subject to counterparty risk with respect to the Capped Calls.

The counterparties to the Capped Calls that we entered into are financial institutions, and we will be subject to the risk that one or more of the counterparties may default or otherwise fail to perform, or may exercise certain rights to terminate, their obligations under the Capped Calls. Our exposure to the credit risk of the counterparties will not be secured by any collateral.

Global economic conditions have in the past resulted in the actual or perceived failure or financial difficulties of many financial institutions. If a counterparty to one or more Capped Calls becomes subject to insolvency

43


 

proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at the time under such transaction. Our exposure will depend on many factors but, generally, our exposure will increase if the market price or the volatility of our Class A common stock increases. In addition, upon a default or other failure to perform, or a termination of obligations, by a counterparty, the counterparty may fail to deliver the consideration required to be delivered to us under the Capped Calls and we may experience more dilution than we currently anticipate with respect to our Class A common stock. We can provide no assurances as to the financial stability or viability of the counterparties.

The holders of Series A Convertible Preferred Stock are entitled to vote on an as-converted to Class A common stock basis and have rights to approve certain actions. Additionally, KKR may exercise influence over us through their ability to designate a member of our Board of Directors.

In May 2021, we issued 500,000 shares of our Series A Convertible Preferred Stock to a group of investors led by KKR & Co. Inc. (“KKR,” and such group of investors, the “Investors”). The holders of our Series A Convertible Preferred Stock are generally entitled to vote with the holders of our Class A common stock on all matters submitted for a vote of holders of shares of Class A common stock (voting together with the holders of shares of Class A common stock as one class) on an as-converted basis.

Pursuant to that certain Investment Agreement dated April 7, 2021, by and among Box, Inc. and Powell Investors III L.P., KKR-Milton Credit Holdings L.P., KKR-NYC Credit C L.P., Tailored Opportunistic Credit Fund, and CPS Holdings (US) L.P. (the “Investment Agreement”), KKR has the right to designate one candidate for nomination for election to our board of directors for so long as KKR and its permitted transferees maintain minimum aggregate holdings of our stock as described in further detail in the Investment Agreement. Notwithstanding the fact that all directors are subject to fiduciary duties to us and to applicable law, the interests of the KKR director designee may differ from the interests of our security holders as a whole or of our other directors.

Additionally, the consent of the holders of a majority of the outstanding shares of Series A Convertible Preferred Stock is required in order for us to take certain actions, including issuances of securities that are senior to, or equal in priority with, the Series A Convertible Preferred Stock, and payments of special dividends in excess of an agreed upon amount.

As a result, the holders of Series A Convertible Preferred Stock may in the future have the ability to influence the outcome of certain matters affecting our governance and capitalization.

The issuance of shares of our Series A Convertible Preferred Stock reduces the relative voting power of holders of our Class A common stock, and the conversion of those shares into shares of our Class A common stock would dilute the ownership of Class A common stockholders and may adversely affect the market price of our Class A common stock.

The holders of our Series A Convertible Preferred Stock are entitled to vote, on an as-converted basis, together with holders of our Class A common stock on all matters submitted to a vote of the holders of our Class A common stock, which reduces the relative voting power of the holders of our Class A common stock. In addition, the conversion of our Series A Convertible Preferred Stock into Class A common stock would dilute the ownership interest of existing holders of our Class A common stock, and any conversion of the Series A Convertible Preferred Stock would increase the number of shares of our Class A common stock available for public trading, which could adversely affect prevailing market prices of our Class A common stock.

Our Series A Convertible Preferred Stock has rights, preferences and privileges that are not held by, and are preferential to the rights of, our Class A common stockholders, which could adversely affect our liquidity and financial condition.

The holders of our Series A Convertible Preferred Stock have the right to receive a payment on account of the distribution of assets on any voluntary or involuntary liquidation, dissolution or winding up of our business before any payment may be made to holders of any other class or series of capital stock. In addition, dividends on the

44


 

Series A Convertible Preferred Stock accrue and are cumulative at the rate of 3.0% per annum, compounding quarterly, and paid-in-kind or paid in cash, at our election.

The holders of our Series A Convertible Preferred Stock also have certain redemption rights, including the right to require us to repurchase all or any portion of the Series A Convertible Preferred Stock at any time following the seventh anniversary of the original issuance date, at 100% of the liquidation preference thereof plus all accrued but unpaid dividends. In addition, upon prior written notice of certain change of control events, the shares of the Series A Convertible Preferred Stock will automatically be redeemed by us for a repurchase price equal to the stock at the then-current conversion price and (ii) an amount in cash equal to 100% of the then-current liquidation preference thereof plus all accrued but unpaid dividends. In the case of clause (ii) above, we will also be required to pay the holders of our Series A Convertible Preferred Stock a “make-whole” premium consisting of dividends that would have otherwise accrued from the effective date of such change of control through the fifth anniversary of the original issuance date.

These dividend and share repurchase obligations could impact our liquidity and reduce the amount of cash flows available for working capital, capital expenditures, growth opportunities, acquisitions, and other general corporate purposes. Our obligations to the holders of our Series A Convertible Preferred Stock could also limit our ability to obtain additional financing, which could have an adverse effect on our financial condition. The preferential rights could also result in divergent interests between the holders of our Series A Convertible Preferred Stock and holders of our Class A common stock.

Our business could be negatively affected as a result of actions of activist shareholders.

We value constructive input from investors and regularly engage in dialogue with our shareholders regarding strategy and performance. Our Board of Directors and management team are committed to acting in the best interests of all of our shareholders.

Responding to actions by activist shareholders could be costly and time-consuming, disrupt our operations and divert the attention of management and our employees. For example, in 2021, we were engaged in a proxy contest with an activist shareholder that was very costly and diverted a significant amount of time from our Board of Directors and management. Additionally, perceived uncertainties as to our future direction as a result of shareholder activism or changes to the composition of our Board of Directors may lead to the perception of a change in the direction of our business or other instability, which may be exploited by our competitors and/or other activist shareholders and cause concern to our current or potential customers, employees, investors, strategic partners and other constituencies, which could result in lost sales and the loss of business opportunities and make it more difficult to attract and retain qualified personnel and business partners. If customers choose to delay, defer or reduce transactions with us or do business with our competitors instead of us, then our business, financial condition and operating results would be adversely affected. In addition, our share price could experience periods of increased volatility as a result of shareholder activism.

If securities or industry analysts do not publish or cease publishing research or reports about us, our business, our market or our competitors, or if they adversely change their recommendations regarding our Class A common stock, the market price of our Class A common stock and trading volume could decline.

The trading market for our Class A common stock is influenced, to some extent, by the research and reports that securities or industry analysts publish about us, our business, our market or our competitors. If any of the analysts who cover us adversely change their recommendations regarding our Class A common stock or provide more favorable recommendations about our competitors, the market price of our Class A common stock would likely decline. If any of the analysts who cover us cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which in turn could cause the market price of our Class A common stock or trading volume to decline.

45


 

We do not expect to declare any dividends to holders of our Class A common stock in the foreseeable future.

We do not anticipate declaring any cash dividends to holders of our Class A common stock in the foreseeable future. Consequently, investors may need to rely on sales of our Class A common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investment. Investors seeking cash dividends should not purchase shares of our Class A common stock.

Item 1B. UNRESOLVED STAFF COMMENTS

Not applicable.

Item 1C. CYBERSECURITY

Cybersecurity Risk Management and Strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response and reporting plan.

We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes:

periodic risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;
teams principally responsible for managing (1) our cybersecurity risk assessment and mitigation processes, (2) our security controls, and (3) our response to cybersecurity incidents;
cybersecurity awareness training of our employees, incident response personnel, and senior management;
a cybersecurity incident response and reporting plan that includes procedures for responding to cybersecurity incidents;
a team responsible for compliance with security and regulatory standards including but not limited to Service Organization Controls (SOC) reporting, International Organization for Standardization (ISO) frameworks 27001/27017/27018/27701, FedRAMP, and HIPAA;
the use of external service providers, where appropriate, to audit, assess, test or otherwise assist with aspects of our security controls, and to assist with the design and implementation of our cybersecurity policies and procedures; and
a third-party risk management process for service providers, suppliers, and vendors.

While we have technology and processes in place to detect and respond to cybersecurity threats, we are continually at risk from the evolving cybersecurity threat landscape. We do not believe our business strategy, results of operations or financial condition have been materially affected by risks from cybersecurity threats, but we cannot provide assurance that they will not be materially affected in the future by such risks. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.

46


 

Cybersecurity Governance

One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole, as well as through the Audit Committee. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.

The Audit Committee receives quarterly reports from management on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

The Audit Committee reports to our full Board regarding its activities, including those related to cybersecurity. Our Board of Directors also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our chief information security officer or external experts as part of the Board of Directors’ continuing education on topics that impact public companies.

Our chief information security officer and chief compliance officer are responsible for assessing and managing our material risks from cybersecurity threats. They also have primary responsibility for our overall cybersecurity risk management program and supervise both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team’s experience includes industry-specific expertise in SaaS technology, regulatory compliance knowledge, previous leadership roles in cybersecurity or related fields, as well as a track record of successfully implementing effective cyber risk mitigation strategies.

Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment.

Item 2. PROPERTIES

Our corporate headquarters, which includes research and development, sales, marketing, business operations and executive offices, is located in Redwood City, California. It consists of approximately 340,000 square feet of space under a lease that expires in fiscal 2029. We sublease a portion of this space.

We also lease offices in other locations, with our principal offices in San Francisco, California; Austin, Texas; New York, New York; Chicago, Illinois; London, England; Tokyo, Japan; and Warsaw, Poland. We intend to procure additional space as we add employees in our current locations and expand geographically. We believe that our facilities are adequate to meet our needs for the immediate future, and that, should it be needed, suitable additional space will be available to accommodate expansion of our operations.

Refer to Note 8 in Part II, Item 8 of this Annual Report on Form 10-K under the subheading “Legal Matters,” which is incorporated herein by reference.

Item 4. MINE SAFETY DISCLOSURE

Not applicable.

47


 

PART II

Item 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

Market Information for Common Stock

Our Class A common stock began trading on the New York Stock Exchange under the symbol “BOX” on January 23, 2015. Prior to that date, there was no public trading market for shares of our Class A common stock.

Holders of Record

As of February 29, 2024, there were 103 holders of record of our Class A common stock. Because many of our shares of Class A common stock are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of beneficial owners of our Class A common stock represented by these record holders.

Dividend Policy

We have never declared or paid cash dividends on our Class A common stock. We currently intend to retain all available funds and any future earnings for use in the operation of our business and do not anticipate paying any dividends on our Class A common stock in the foreseeable future. Any future determination to declare dividends will be made at the discretion of our Board of Directors, subject to applicable laws, and will depend on our financial condition, operating results, capital requirements, general business conditions and other factors that our Board of Directors may deem relevant.

Holders of our Series A convertible preferred stock are entitled to a cumulative dividend. Refer to Note 10 in Part II, Item 8 of this Annual Report on Form 10-K for more information about such dividends.

Unregistered Sales of Equity Securities

In February 2022, we issued 559,336 shares of our Class A common stock to certain former holders of capital stock and employees of SignRequest B.V. (the “Recipients”) as payment of the stock consideration in connection with our acquisition of SignRequest, B.V. The issuance of the shares was deemed to be exempt from the registration requirement of the Securities Act of 1933, as amended (the “Securities Act”) in reliance on Section 4(a)(2) of the Securities Act, on the basis that, among other factors: (1) each of the Recipients represented that they were an “accredited investor” within the meaning of Rule 501(a) of Regulation D; (2) there was no general solicitation or advertising in connection with the issuance of the shares; (3) each of the Recipients represented that such Recipients (i) understood that the shares had not been registered under applicable federal and state securities laws, (ii) has the ability to bear the economic risks of their investments, (iii) acquired the shares for investment purposes and not with a view to resale, and (iv) will not sell or otherwise dispose of the shares while they are subject to restricted securities legends in the absence of registration or an applicable exemption from registration requirements; and (4) each Recipient or their purchaser representative, as applicable, received or had access to required information and had an opportunity to obtain additional information about us a reasonable period of time prior to the issuance of the shares.

48


 

Issuer Purchases of Equity Securities

Share repurchase activity during the three months ended January 31, 2024 was as follows (in thousands, except per share data):

 

 

 

Total Number of
Shares Purchased

 

 

Average Price
Paid Per Share

 

 

Total Number of
Shares Purchased
as Part of Publicly
Announced Plans
or Programs

 

 

Approximate Dollar
Value of Shares that
May Yet Be Purchased
Under the Plans
or Programs
(1)

 

November 1, 2023 to November 30, 2023

 

 

352

 

 

$

25.58

 

 

 

352

 

 

 

74,521

 

December 1, 2023 to December 31, 2023

 

 

442

 

 

$

24.58

 

 

 

442

 

 

 

63,660

 

January 1, 2024 to January 31, 2024

 

 

 

 

$

 

 

 

 

 

 

63,660

 

Total

 

 

794

 

 

 

 

 

 

794

 

 

 

 

 

(1)
During the three months ended January 31, 2024, we repurchased 0.8 million shares at a weighted average price of $25.03 per share for a total amount of $19.9 million. We periodically enter into pre-set trading plans adopted in accordance with Rule 10b5-1 under the Exchange Act to effect such repurchases.

Performance Graph

This performance graph shall not be deemed “soliciting material” or to be “filed” with the SEC for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (Exchange Act), or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any filing of Box, Inc. under the Securities Act of 1933, as amended, or the Exchange Act.

49


 

The following graph compares the cumulative total return to stockholders on our common stock relative to the cumulative total returns of the Standard & Poor’s 500 Index, or S&P 500, and the NASDAQ Computer Index. An investment of $100 (with reinvestment of all dividends) is assumed to have been made in our Class A common stock and in each index on January 31, 2019 and its relative performance is tracked through January 31, 2024. The returns shown are based on historical results and are not intended to suggest future performance.

img17489633_0.jpg 

 

 

 

Base

 

 

 

 

 

 

 

 

 

 

 

 

Period

 

 

 

 

 

 

 

 

 

 

 

Company/Index

1/31/2019

 

1/31/2020

 

1/31/2021

 

1/31/2022

 

1/31/2023

 

1/31/2024

 

Box, Inc.

$

100

 

$

72

 

$

83

 

$

125

 

$

153

 

$

124

 

S&P 500 Index

 

100

 

 

119

 

 

137

 

 

167

 

 

151

 

 

179

 

NASDAQ Computer Index

 

100

 

 

144

 

 

210

 

 

264

 

 

204

 

 

317

 

Item 6. RESERVED

Not applicable.

50


 

Item 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

You should read the following discussion and analysis of our financial condition and results of operations together with the consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K. This discussion contains forward-looking statements based upon current expectations that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those discussed in the section titled “Risk Factors” and in other parts of this Annual Report on Form 10-K.

A discussion regarding our financial condition and results of operations for the year ended January 31, 2024 compared to the year ended January 31, 2023 is presented below. A discussion regarding our financial condition and results of operations for the year ended January 31, 2023 compared to the year ended January 31, 2022 can be found under Part II, Item 7 of our Annual Report on Form 10-K for the year ended January 31, 2023, filed with the SEC on March 13, 2023, which is available on the SEC’s website at www.sec.gov.

Overview

Box is the Content Cloud: a secure and intelligent content platform. Box gives organizations a single platform for their unstructured data – which typically represents about 90% of all data within an organization. This data is content – from blueprints to wireframes, videos to documents, proprietary formats to PDFs – and it is the source of an organization’s unique value. The Box Content Cloud enables our customers, to securely manage the entire content lifecycle, from the moment a file is created or ingested to when it is shared, edited, published, approved, signed, classified, and retained. Box keeps content secure and compliant, while also allowing easy access and sharing of this content from anywhere, on any device – both within the organization and with external partners.

With our SaaS platform, users can work with their content as they need – from secure external collaboration and workspaces, to e-signature processes and content workflows – improving employee productivity and accelerating business processes. IT teams can establish a space for compliant content management, and developers can easily create customized portals for white-labeled content collaboration. Administrators have a plethora of security, data protection, and compliance features they can activate to provide users with a better way to meet legal and regulatory requirements, internal policies, and industry standards and regulations. The Box platform enables a broad range of high-value business use cases – and integrates with more than 1,500 leading business applications. With hundreds of file formats and media types supported, Box is compatible with multiple application environments, operating systems, and devices – ensuring that workers can securely access their critical business content whenever and wherever they need it.

In addition, we continue to innovate by expanding our core services and offerings. We recently announced Box Hubs to surface curated content quickly and securely through intelligent portals. Box Hubs will be available with Box AI, a new set of capabilities announced last quarter, to natively integrate advanced AI models. Using Box Hubs with Box AI, customers can easily get answers to critical questions about their content in Box, and create content using their enterprise data. Moreover, Box Canvas, our natively integrated, interactive virtual whiteboarding tool, is now available to all customers. We also currently provide the following offerings: Box Sign, which enables customers with secure, seamless e-signatures right where their content lives in Box; Box Shield, our advanced security offering that helps customers reduce the risk of accidental content leakage and protect their business from insider threats and account compromise, as well as threat detection, response, and recovery for potential malware incidents, including ransomware; Box Relay, which allows our end users to easily build, manage, track, and automate workflows with no coding necessary; Box Zones, which gives global customers the ability to store their content locally in certain regions; Box KeySafe, a solution that builds on top of Box’s strong encryption and security capabilities to give customers greater control over the encryption keys used to secure the file contents that are stored with Box; Box Platform, which further enables customers and partners to build enterprise applications using our open APIs and developer tools; Box Governance, which gives customers a better way to comply with regulatory policies, help satisfy e-discovery requests and effectively manage sensitive business information throughout its lifecycle; Box Notes, our native content authoring tool which enables users to seamlessly share and collaborate in real time; and Box Shuttle, which allows for easy, affordable, self-service content migration directly from the admin console from more than ten source systems, into Box. In addition, with Box Consulting, organizations can access

51


 

professional services for critical topics like implementation, technology and application development, and change management and user training. The increasing traction of these product innovations allows our customers to realize the full set of capabilities of our Content Cloud.

We offer our solution to our customers as a subscription-based service, with subscription fees based on the requirements of our customers, including the number of users and functionality deployed. The majority of our customers subscribe to our service through one-year contracts, although we also offer our services for terms ranging from one month to three years or more. We typically invoice our customers at the beginning of the term, in multi-year, annual, quarterly or monthly installments. We recognize revenue as we satisfy our performance obligations. Accordingly, due to our subscription model, we recognize revenue for our subscription services ratably over the term of the contract.

Our objective is to build an enduring business that creates sustainable revenue and earnings growth over the long term. To best achieve this objective, we focus on growing the number of users and paying organizations through direct field sales, direct inside sales, indirect channel sales and through word-of-mouth by individual users, some of whom use our services at no cost. Individual users and organizations can also simply sign up to use our solution on our website. We believe this approach not only helps us build a critical mass of users but also has a viral effect within organizations as more of their employees use our service and encourage their IT professionals to deploy our services to a broader user base.

As of January 31, 2024, we had over 100,000 paying organizations, and our solution was offered in 25 languages. We define paying organizations as separate and distinct buying entities, such as a company, an educational or government institution, or a distinct business unit of a large corporation, that have entered into a subscription agreement with us to utilize our services.

Organizations typically purchase our solution in the following ways: (i) employees in one or more small groups within the organization may individually purchase our service; (ii) organizations may purchase IT-sponsored, enterprise-level agreements with deployments for specific, targeted use cases ranging from tens to thousands of user seats; (iii) organizations may purchase IT- sponsored, enterprise-level agreements (ELAs) where the number of user seats sold is intended to accommodate and enable nearly all information workers within the organization in whatever use cases they desire to adopt over the term of the subscription; and (iv) organizations may purchase our Box Platform service to create custom business applications for their internal use and extended ecosystem of customers, suppliers and partners. Customers can choose between an a la carte approach (i.e., by purchasing specific add-on products to complement their Box subscription) or one of our bundled Enterprise Plus plan, which include multiple add-on products to help accelerate customer time to value.

We intend to continue scaling our organization to meet the increasingly complex needs of our customers. Our sales and customer success teams are organized to efficiently serve organizations ranging from small businesses to the world’s largest global organizations. We have invested in our sales and marketing teams to sell our services around the world, as well as in our development efforts to deliver additional features and capabilities of our cloud services to address our customers’ evolving needs. We also expect to continue to make investments in both our infrastructure to meet the needs of our growing global user base and our professional services organization (Box Consulting) to address the strategic needs of our customers in more complex deployments and to drive broader adoption across a wide array of use cases.

Current Period Highlights

For the years ended January 31, 2024 and 2023, our revenue was $1.038 billion and $0.991 billion, respectively, representing year-over-year growth of 5%, or 7% growth on a constant currency basis. As of January 31, 2024, our remaining performance obligations were $1.305 billion, representing a 5% increase from our remaining performance obligations of $1.245 billion as of January 31, 2023, or 9% growth on a constant currency basis. For the year ended January 31, 2024, our gross profit was $777.1 million, and our gross margin was 74.9%, compared to our gross profit of $738.3 million and our gross margin of 74.5% for the year ended January 31, 2023. For the year ended January 31, 2024, our operating income was $50.8 million and our operating margin was 4.9%, compared to our operating income of $36.8 million and our operating margin of 3.7% for the year ended January 31, 2023. For the year ended January 31, 2024, our net cash provided by operating activities was $318.7 million, an

52


 

increase of 7% from net cash provided by operating activities of $298.0 million for the year ended January 31, 2023. For the year ended January 31, 2024, our non-GAAP free cash flow was $269.0 million, an increase of 13% from non-GAAP free cash flow of $238.4 million for the year ended January 31, 2023.

Continuous Innovation

During the fiscal year ended January 31, 2024, several new products and product enhancements were made generally available or announced, including:

Box AI for Documents and Notes – a new set of capabilities, powered by advanced AI models natively integrated in the Box platform, enhancing how users work in Box. Box AI will accelerate productivity in Box. With Box AI for Documents, users can ask questions about a document, generate insights from a report, or summarize a presentation. With Box AI for Notes, users can create content from scratch or refine drafted information.
Box Hubs – intelligent portals to surface curated content quickly and securely. We expect Box Hubs will soon be available with Box AI, so customers can easily query multiple documents that are organized in a Hub and quickly get answers to critical questions. All content published in a Hub will retain Box’s enterprise-grade security, governance, and compliance capabilities, so that content in a Hub is only made available to its intended audience.
Box Canvas – a Box-native visual collaboration and whiteboarding tool. Box Canvas includes unlimited Canvases for every plan as well as an easy-to-use, feature-rich toolset that enables users to ideate, brainstorm and collaborate visually directly in Box.
Box Shield Enhancements – Addresses potential threats stemming from prohibited geographic regions by empowering administrators to automatically block detected threats, reducing response time and significantly reducing the burden to the administrator.
Zero Trust Administrative Security – Added new protections to secure administrators against attack, including mandatory multi-factor authentication (MFA) checks for certain critical or high-risk actions, such as enabling or disabling MFA for their organization.
Box + CrowdStrike – Expanded our endpoint protection by integrating with the CrowdStrike Falcon solution. Available soon, this integration enables Box Shield to ingest CrowdStrike’s Zero Trust Assessment (ZTA) score and take remediating action automatically. The ZTA score assesses over 100 factors of device security to ensure that only secure, trusted devices are allowed access to Box.
No-Code Business Application Builder – Box acquired Crooze, a leading provider of no-code enterprise content management applications built on the Box platform, in December 2023. Crooze technology brings a no-code business process application builder, an extensive set of metadata tools, customizable dashboard views, and content automation — to our secure, intelligent Content Cloud. With Crooze, customers can quickly address key business process use cases, including managing contracts, document libraries and digital assets. We expect to soon have Crooze technology integrated natively into the Box Content Cloud to help our customers power content experiences and workflows.
Enhancements to Box Sign – Added support for 21 CFR Part 11 compliance, ability to specify recipient groups for faster time-to-signature, customizable signature request expiration dates, dropdown menus, radio buttons, and signer attachment fields, ability for senders to prefill fields and toggle them as read-only fields, keyboard shortcuts and commands, ability to embed signing experience within custom applications, reusable template APIs, webhook support to detect bounced email IDs, and pre-built third-party integrations with Workato and Slack Workflow Builder.
Enhancements to Integrations – Added Box for Microsoft Office desktop co-authoring to customers in Microsoft’s Semi-Annual Channel for Office 365 updates, Box for Microsoft Teams enhancements so users can edit Box Notes and Microsoft Office files on Box directly in Teams, and new Box Embed

53


 

tools for Salesforce, Slack, and Teams for users to access their Box content and Box native tools like Notes and Canvas directly where they are working.

Impact of Macroeconomic Factors on Our Business

Our overall performance depends in part on worldwide economic and geopolitical conditions and their impact on customer behavior. Worsening economic conditions, including impacts from inflation, higher interest rates, slower growth, the stronger dollar versus foreign currencies, particularly the Japanese Yen, the ongoing Hamas-Israel and Russia-Ukraine conflicts and other changes in economic conditions, may adversely affect our results of operations and financial performance. During the fiscal year ended January 31, 2024, in addition to headwinds from foreign exchange rate trends, we continued to see an impact from additional customer scrutiny being placed on larger deals and lower seat expansion rates due to the challenging macroeconomic environment. As a result, we have experienced, and may continue to experience, increased customer churn and delayed sales cycles, as well as customers and prospective customers reducing budgets related to services that we offer. While we believe IT budgets have tightened and some larger deals have required more scrutiny across verticals and geographies, we also believe we are well-positioned to execute through these dynamic times as the Box Content Cloud enables enterprises to streamline their businesses, drive up productivity, reduce risk, and lower costs.

Our Business Model

Our business model focuses on maximizing the lifetime value of a customer relationship. We make significant investments in acquiring new customers and believe that we will be able to achieve a positive return on these investments by retaining customers, cross-selling our add-on products and expanding the size of our deployments within our customer base over time. In connection with the acquisition of new customers, we incur and recognize significant upfront costs. These costs include sales and marketing costs associated with acquiring new customers, such as sales commission expenses, substantially all of which are deferred and then amortized over a period of benefit, and marketing costs, which are expensed as incurred. We recognize revenue as we satisfy our performance obligations to customers. Accordingly, due to our subscription model, we recognize revenue for our subscription services ratably over the term of the contract.

We experience a range of profitability with our customers depending in large part upon their current stage. We generally incur higher sales and marketing expenses for new customers and existing customers who are still in an expanding stage. For new customers and for customers who are expanding their use of Box, our associated sales and marketing expenses typically represent a higher portion of revenue for the initial subscription term for new customers or the remaining subscription term for existing customers. For customers who are renewing their Box subscriptions, our associated sales and marketing expenses are significantly less than the revenue we recognize from those customers over the term of the renewed subscription. These differences are primarily driven by the higher compensation we provide to our sales force for new customers and customer subscription expansions compared to the compensation we provide to our sales force for routine subscription renewals by customers. We have experienced, and expect to continue to experience, lower sales and marketing expenses as a percentage of revenue as our existing customer base grows over time and a relatively higher percentage of our revenue is attributable to renewals versus new or expanding Box deployments.

Key Business Metrics

We use the key metrics below for financial and operational decision-making and as a means to evaluate period-to-period comparisons. We believe that these key metrics provide meaningful supplemental information regarding our performance. We believe that both management and investors benefit from referring to these key metrics in assessing our performance and when planning, forecasting, and analyzing future periods. These key metrics also facilitate management’s internal comparisons to our historical performance as well as comparisons to certain competitors’ operating results. We believe these key metrics are useful to investors both because (1) they allow for greater transparency with respect to key metrics used by management in its financial and operational decision-making and (2) they are used by institutional investors and the analyst community to help analyze the health of our business.

54


 

Remaining Performance Obligations

Remaining performance obligations (RPO) represent, at a point in time, contracted revenue that has not yet been recognized. RPO consists of deferred revenue and backlog. Backlog is defined as non-cancellable contracts deemed certain to be invoiced and recognized as revenue in future periods. Future invoicing is determined to be certain when we have an executed non-cancellable contract or a significant penalty is due upon cancellation. While Box believes RPO is a leading indicator of revenue as it represents sales activity not yet recognized in revenue, it is not necessarily indicative of future revenue growth as it is influenced by several factors, including seasonality, contract renewal timing, average contract terms and foreign currency exchange rates. Box monitors RPO to manage the business and evaluate performance.

RPO as of January 31, 2024 was $1.305 billion, an increase of 5% from January 31, 2023. The increase in RPO was primarily driven by expansion within existing customers as they broadened their deployment of our product offerings and the conversion to multi-product Suites. The increase in RPO was also driven by the addition of new customers and the timing of customer-driven renewals. RPO growth was partially offset by a negative impact of 240 basis points from foreign currency exchange rates.

Billings

Billings represent our revenue plus the changes in deferred revenue and contract assets in the period. Billings we record in any particular period primarily reflect subscription renewals and expansion within existing customers plus sales to new customers, and represent amounts invoiced for all of our products and professional services. We typically invoice our customers at the beginning of the term, in multi-year, annual, quarterly or monthly installments. If the customer negotiates to pay the full subscription amount at the beginning of the period, the total subscription amount for the entire term will be reflected in billings. If the customer negotiates to be invoiced annually or more frequently, only the amount billed for such period will be included in billings.

Billings help investors better understand our sales activity for a particular period, which is not necessarily reflected in our revenue given that we recognize subscription revenue ratably over the contract term. We consider billings a significant performance measure. We monitor billings to manage our business, make planning decisions, evaluate our performance and allocate resources. We believe that billings offer valuable supplemental information regarding the performance of our business and will help investors better understand the sales volumes and performance of our business. We do not consider billings to be a non-GAAP financial measure because it is calculated using exclusively revenue, deferred revenue, and contract assets, all of which are financial measures calculated in accordance with GAAP.

Billings for the year ended January 31, 2024 were $1.057 billion, an increase of 3% from the year ended January 31, 2023. The increase in billings was primarily driven by expansion within existing customers as they broadened their deployment of our product offerings through the conversion to multi-product Suites, the addition of new customers, and the timing of customer-driven renewals. Billings growth was partially offset by a negative impact of 240 basis points from foreign currency exchange rates.

Our use of billings has certain limitations as an analytical tool and should not be considered in isolation or as a substitute for revenue or an analysis of our results as reported under GAAP. Billings are recognized when invoiced, while the related subscription and premier services revenue is recognized ratably over the contract term as we satisfy a performance obligation. Also, other companies, including companies in our industry, may not use billings, may calculate billings differently, may have different billing frequencies, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of billings as a comparative measure.

Over time, we expect to continue to normalize payment durations. In addition, as we have gained and expect to continue to gain more traction with large enterprise customers, we also anticipate our quarterly billings to increasingly concentrate in the back half of our fiscal year, especially in the fourth quarter.

55


 

A calculation of billings starting with revenue, the most directly comparable GAAP financial measure, is presented below (in thousands):

 

 

 

Year Ended January 31,

 

 

 

 

2024

 

 

2023

 

 

2022

 

 

GAAP revenue

 

$

1,037,741

 

 

$

990,874

 

 

$

874,332

 

 

Deferred revenue, end of period

 

 

586,871

 

 

 

566,630

 

 

 

534,242

 

 

Less: deferred revenue, beginning of period

 

 

(566,630

)

 

 

(534,242

)

 

 

(465,613

)

 

Contract assets, beginning of period

 

 

1,900

 

 

 

1,111

 

 

 

25

 

 

Less: contract assets, end of period

 

 

(2,452

)

 

 

(1,900

)

 

 

(1,111

)

 

Billings

 

$

1,057,430

 

 

$

1,022,473

 

 

$

941,875

 

 

Non-GAAP Free Cash Flow

We define non-GAAP free cash flow as cash flows from operating activities less purchases of property and equipment, principal payments of finance lease liabilities, capitalized internal-use software costs, and other items that did not or are not expected to require cash settlement and that management considers to be outside of our core business.

Net cash provided by operating activities for the year ended January 31, 2024 was $318.7 million, representing an increase of 7% from the year ended January 31, 2023. Non-GAAP free cash flow for the year ended January 31, 2024 was $269.0 million, representing an increase of 13% from the year ended January 31, 2023.

A reconciliation of non-GAAP free cash flow to net cash provided by operating activities, its nearest GAAP equivalent, is presented in the non-GAAP Financial Measures section at the end of Item 7 of this Annual Report on Form 10-K. The presentation of non-GAAP free cash flow is also not meant to be considered in isolation or as an alternative to cash flows from operating activities as a measure of liquidity.

Net Retention Rate

Net retention rate is defined as the net percentage of Total Annual Recurring Revenue (Total ARR) retained from existing customers, including expansion. We define Total ARR as the annualized recurring revenue from all active customer contracts at the end of a reporting period. We calculate our net retention rate as of a period end by starting with the Total ARR from customers as of 12 months prior to such period end (Prior Period Total ARR). We then calculate Total ARR from these same customers as of the current period end (Current Period Total ARR). Finally, we divide the Current Period Total ARR by the Prior Period Total ARR to arrive at our net retention rate. In calculating our net retention rate, we include only Total ARR associated with those customers who have subscribed to Box for at least 12 months. We believe our net retention rate is an important metric that provides insight into the long-term value of our subscription agreements and our ability to retain and grow revenue from our customer base. Net retention rate is an operational metric and there is no comparable GAAP financial measure to which we can reconcile this particular key metric.

Our net retention rate was 101%, 108%, and 111% as of January 31, 2024, 2023 and 2022, respectively. The decline in our net retention rate as of January 31, 2024 was primarily attributable to heightened budget scrutiny putting pressure on seat expansion within existing customers and increased customer churn. As our customers purchase add-on products or our bundled Enterprise Plus plan, we tend to realize significantly higher average contract values and stronger net retention rates as compared to customers who only purchase our core product. We believe our go-to-market efforts to deliver a solution selling strategy and our investments in product, customer success, and Box Consulting, including our Box Shuttle migration offering, have been significant factors in our customer retention results. As we penetrate customer accounts, we expect our net retention rate to remain above 100% for the foreseeable future.

56


 

Components of Results of Operations

Revenue

We derive our revenue primarily from three sources: (1) subscription revenue, which is comprised of subscription fees from customers who have access to our content cloud platform including routine customer support; (2) revenue from customers purchasing our premier services package; and (3) revenue from professional services such as implementing best practice use cases, project management and implementation consulting services.

To date, practically all of our revenue has been derived from subscription and premier services. Subscription and premier services revenue are driven primarily by the number of customers, the number of seats sold to each customer and the price of our services.

We recognize revenue as we satisfy our performance obligations. Accordingly, due to our subscription model, we recognize revenue for our subscription and premier services ratably over the contract term. We typically invoice our customers at the beginning of the term, in multi-year, annual, quarterly or monthly installments. Our subscription and premier services contracts are typically non-cancellable and do not contain refund-type provisions. The majority of our customers subscribe to our service through one-year contracts, although we also offer our services for terms ranging between one month to three years or more.

Professional services are generally billed on a fixed price basis, for which revenue is recognized over time based on the proportion performed. Professional services revenue was not material as a percentage of total revenue for all periods presented.

Revenue is presented net of sales and other taxes we collect on behalf of governmental authorities.

Cost of Revenue

Our cost of revenue consists primarily of costs related to providing our subscription services to our paying customers, including employee compensation and related expenses for data center operations, customer support and professional services personnel, public cloud hosting costs, depreciation of servers and equipment, security services and other tools, as well as amortization expense associated with acquired technology and capitalized internally developed software. We allocate overhead such as rent, information technology costs and employee benefit costs to all departments based on headcount. As such, general overhead expenses are reflected in cost of revenue and each of the operating expense categories set forth below.

Operating Expenses

Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of each category of operating expenses. Operating expenses also include allocated overhead costs for facilities, information technology costs and employee benefit costs.

Research and Development. Research and development expense consists primarily of employee compensation and related expenses, as well as allocated overhead. Our research and development efforts are focused on scaling our platform, building an ecosystem of best-of-breed applications and platforms, infrastructure, adding enterprise grade features, functionality and enhancements such as workflow automation, intelligent content management capabilities, advanced security, e-signature capability, native visual collaboration and whiteboarding, and artificial intelligence to enhance the ease of use of our cloud content management services. We capitalize certain qualifying costs to develop software for internal use incurred during the application development stage.

Sales and Marketing. Sales and marketing expense consists primarily of employee compensation and related expenses, sales commissions, marketing programs, travel-related expenses, as well as allocated overhead. Marketing programs include but are not limited to advertising, events, corporate communications, brand building, and product marketing. Sales and marketing expense also consists of public cloud hosting, data center and customer support costs related to providing our cloud-based services to our free users. We market and sell our cloud content management services worldwide through our direct sales organization and through indirect distribution channels such as strategic resellers. Our sales and marketing expenses are generally higher for acquiring new or expanding existing customers than for renewals of existing customer subscriptions.

57


 

General and Administrative. General and administrative expense consists primarily of employee compensation and related expenses for administrative functions including finance, legal, human resources, recruiting, information systems, enterprise security, compliance, fees for external professional services and cloud-based enterprise systems, as well as allocated overhead. External professional services fees are primarily comprised of outside legal, accounting, audit and outsourcing services.

Interest and Other Income (Expense), Net

Interest and other income (expense), net consists of interest expense, interest income, gains and losses from foreign currency transactions, and other income and expense. Interest expense consists primarily of interest charges for our line of credit and interest rate swap agreement, interest expense related to finance leases, and the amortization of issuance costs of our convertible senior notes. Interest income consists primarily of interest earned on our cash and cash equivalents and short-term investments. We have historically invested our cash and cash equivalents in overnight deposits, certificates of deposit, money market funds, U.S. treasury securities and non-U.S. government issued securities.

(Benefit from) Provision for Income Taxes

(Benefit from) provision for income taxes consists primarily of state and foreign income taxes and, as applicable, changes in our deferred taxes, related valuation allowance positions and uncertain tax positions.

Results of Operations

The following tables set forth our results of operations for the periods presented (in thousands, except per share data):

 

 

 

Year Ended January 31,

 

 

2024

 

 

2023

 

 

2022

 

 

Consolidated Statements of Operations Data:

 

 

 

 

 

 

 

 

 

 

Revenue

 

$

1,037,741

 

 

$

990,874

 

 

$

874,332

 

 

Cost of revenue (1)

 

 

260,612

 

 

 

252,556

 

 

 

249,484

 

 

Gross profit

 

 

777,129

 

 

 

738,318

 

 

 

624,848

 

 

Operating expenses:

 

 

 

 

 

 

 

 

 

 

Research and development (1)

 

 

248,767

 

 

 

243,529

 

 

 

218,523

 

 

Sales and marketing (1)

 

 

348,638

 

 

 

331,400

 

 

 

298,635

 

 

General and administrative (1)

 

 

128,971

 

 

 

126,549

 

 

 

135,316

 

 

Total operating expenses

 

 

726,376

 

 

 

701,478

 

 

 

652,474

 

 

Income (loss) from operations

 

 

50,753

 

 

 

36,840

 

 

 

(27,626

)

 

Interest and other income (expense), net

 

 

11,833

 

 

 

(2,433

)

 

 

(9,838

)

 

Income (loss) before income taxes

 

 

62,586

 

 

 

34,407

 

 

 

(37,464

)

 

(Benefit from) provision for income taxes

 

 

(66,446

)

 

 

7,624

 

 

 

3,995

 

 

Net income (loss)

 

 

129,032

 

 

 

26,783

 

 

 

(41,459

)

 

Accretion and dividend on series A convertible preferred stock

 

 

(17,105

)

 

 

(17,110

)

 

 

(12,419

)

 

Undistributed earnings attributable to preferred stockholders

 

 

(12,780

)

 

 

(1,106

)

 

 

 

 

Net income (loss) attributable to common stockholders

 

$

99,147

 

 

$

8,567

 

 

$

(53,878

)

 

Net income (loss) per share attributable to common stockholders

 

 

 

 

 

 

 

 

 

 

Basic

 

$

0.69

 

 

$

0.06

 

 

$

(0.35

)

 

Diluted

 

$

0.67

 

 

$

0.06

 

 

$

(0.35

)

 

Weighted-average shares used to compute net income (loss) per share attributable to common stockholders

 

 

 

 

 

 

 

 

 

 

Basic

 

 

144,203

 

 

 

143,592

 

 

 

155,598

 

 

Diluted

 

 

148,586

 

 

 

150,192

 

 

 

155,598

 

 

 

(1)
Includes stock-based compensation expense as follows:

58


 

 

 

 

Year Ended January 31,

 

 

2024

 

 

2023

 

 

2022

 

 

Cost of revenue

 

$

19,111

 

 

$

17,816

 

 

$

20,093

 

 

Research and development

 

 

70,240

 

 

 

68,900

 

 

 

68,063

 

 

Sales and marketing

 

 

65,886

 

 

 

58,448

 

 

 

52,547

 

 

General and administrative

 

 

43,546

 

 

 

40,468

 

 

 

38,271

 

 

Total stock-based compensation

 

$

198,783

 

 

$

185,632

 

 

$

178,974

 

 

Comparison of the Years Ended January 31, 2024 and 2023

Revenue

 

 

 

Year Ended January 31,

 

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

 

(dollars in thousands)

 

Revenue

 

$

1,037,741

 

 

$

990,874

 

 

$

46,867

 

 

 

5

%

 

The $46.9 million, or 5%, increase during the fiscal year was primarily driven by seat growth in existing customers, continued strong attach rates of our multi-product Suites offerings, particularly Enterprise Plus, and strong growth in Japan. For the year ended January 31, 2024, our Suites attach rate was 78% in deals over $100,000, an increase from 72% for the year ended January 31, 2023. The increase was partially offset by the weakening of foreign currency exchange rates, which negatively impacted our revenue growth rate by 260 basis points, and customers partially churning their deployment with Box.

Cost of Revenue

 

 

 

Year Ended January 31,

 

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

 

(dollars in thousands)

 

Cost of revenue

 

$

260,612

 

 

$

252,556

 

 

$

8,056

 

 

 

3

%

Percentage of revenue

 

 

25.1

%

 

 

25.5

%

 

 

 

 

 

 

Gross margin

 

 

74.9

%

 

 

74.5

%

 

 

 

 

 

 

 

The $8.1 million, or 3%, increase during the fiscal year was primarily due to increases of $32.2 million in public cloud hosting costs, driven by our migration to the public cloud from our collocated data centers, and $1.3 million in stock-based compensation costs. This increase was partially offset by decreases of $17.4 million in depreciation expense and $7.9 million in bandwidth and data center related expense due to the completion of our migration to the public cloud from our collocated data centers. Cost of revenue as a percentage of revenue decreased 40 basis points year-over-year.

Over time, we expect our cost of revenue to increase in absolute dollars but decrease as a percentage of revenue as we invest in public cloud hosting service optimization.

Research and Development

 

 

 

Year Ended January 31,

 

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

 

(dollars in thousands)

 

Research and development

 

$

248,767

 

 

$

243,529

 

 

$

5,238

 

 

 

2

%

Percentage of revenue

 

 

24.0

%

 

 

24.6

%

 

 

 

 

 

 

 

59


 

The $5.2 million, or 2%, increase during the fiscal year was primarily due to increases of $6.9 million and $5.0 million in allocated overhead costs and employee related costs, respectively, driven by a 4% increase in headcount, $3.8 million in stock-based compensation expense, and $1.2 million in subscription software contract expenses. The increased employee headcount and related costs are driven by the growth in lower cost regions. This increase was partially offset by an increase of $9.9 million in capitalized internally developed software costs and a decrease of $1.8 million in public cloud hosting costs. Research and development expenses as a percentage of revenue decreased 60 basis points year-over-year.

We expect our research and development expenses to increase in absolute dollars but decrease as a percentage of revenue over time as we continue to make significant improvements to our content cloud product offerings and services and shift research and development to lower cost regions.

Sales and Marketing

 

 

 

Year Ended January 31,

 

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

 

(dollars in thousands)

 

Sales and marketing

 

$

348,638

 

 

$

331,400

 

 

$

17,238

 

 

 

5

%

Percentage of revenue

 

 

33.6

%

 

 

33.4

%

 

 

 

 

 

 

 

The $17.2 million, or 5%, increase during the fiscal year was primarily due to increases of $7.4 million in stock-based compensation expense and $3.2 million and $1.6 million in allocated overhead costs and employee related costs, respectively, driven by a 1% increase in headcount. Additionally, there were increases of $2.9 million in marketing expenses, driven by increased costs related to marketing events, and $0.6 million in commission expenses. Sales and marketing expenses as a percentage of revenue increased 20 basis points year-over-year.

We expect to continue to invest in capturing our large market opportunity globally and capitalize on our competitive position with a continued focus on our profitability objectives. We expect our sales and marketing expenses to increase in absolute dollars but decrease as a percentage of revenue over time as our existing customer base grows and a relatively higher percentage of our revenue is attributable to renewals versus new or expanding Box deployments and as we continue to focus on improving sales productivity.

General and Administrative

 

 

 

Year Ended January 31,

 

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

 

(dollars in thousands)

 

General and administrative

 

$

128,971

 

 

$

126,549

 

 

$

2,422

 

 

 

2

%

Percentage of revenue

 

 

12.4

%

 

 

12.8

%

 

 

 

 

 

 

 

The $2.4 million, or 2%, increase during the fiscal year was primarily due to increases of $3.2 million in stock-based compensation expense and $1.7 million in subscription software contract expenses. This was partially offset by decreases of $1.3 million in outside agency and consulting services, $0.8 million in legal services, and an increase of $0.4 million in capitalized software costs. General and administrative expense as a percentage of revenue decreased 40 basis points year-over-year.

We expect our general and administrative expenses to increase in absolute dollars but decrease as a percentage of revenue over time as we benefit from greater operational scale and efficiency.

Interest and Other Income (Expense), Net

 

 

 

Year Ended January 31,

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

(dollars in thousands)

Interest and other income (expense), net

 

$

11,833

 

 

$

(2,433

)

 

$

14,266

 

 

*

 

* Percentage change not meaningful.

60


 

 

The $14.3 million increase during the fiscal year was primarily due to an increase of $12.8 million in interest income from our certificates of deposit, money market funds, and short-term investments due to a higher interest rate environment and a decrease of $1.3 million in interest expense related to our finance leases.

(Benefit from) Provision for Income Taxes

 

 

 

Year Ended January 31,

 

 

 

 

 

2024

 

 

2023

 

 

$ Change

 

 

% Change

 

 

(dollars in thousands)

(Benefit from) provision for income taxes

 

$

(66,446

)

 

$

7,624

 

 

$

(74,070

)

 

*

 

* Percentage change not meaningful.

 

We monitor the realizability of our deferred tax assets taking into account all relevant factors at each reporting period. As of January 31, 2024, we concluded that it is more likely than not that our UK deferred tax assets are realizable. We released $79.1 million of our valuation allowance associated with the UK deferred tax assets. Approximately $75.2 million of the total valuation allowance release was related to deferred tax assets to be realized in the future years and the remainder benefited us during the year ended January 31, 2024. We continue to maintain a valuation allowance against our U.S. federal and state deferred tax assets. Given our current U.S. earnings and anticipated future earnings, we believe there is a reasonable possibility in the foreseeable future that sufficient positive evidence of sustained U.S. profitability may become available to allow us to reach a conclusion that the U.S. valuation allowance will no longer be needed.

The $74.1 million increase during the fiscal year was primarily due to a $79.1 million one-time benefit from the release of a valuation allowance on deferred tax assets, partially offset by an increase of $2.4 million in foreign current tax expense, $2.2 million in foreign non-cash deferred tax expense, and $0.5 million in state income tax expense as a result of increased profitability.

Liquidity and Capital Resources

As of January 31, 2024, we had cash and cash equivalents, restricted cash, and short-term investments of $481.2 million. During the year ended January 31, 2024, we generated operating cash flow of $318.7 million. Since our inception, we have financed our operations primarily through equity financing, cash generated from operations and debt financing. We believe our existing cash, cash equivalents and short-term investments, together with our credit facility, will be sufficient to meet our working capital and capital expenditure needs for at least the next 12 months and beyond. Our long-term capital requirements will depend on many factors including our growth rate, subscription renewal activity, billing frequency, public cloud obligations, repayment or refinancing of our debt obligations, settlement of our convertible senior notes and convertible preferred stock, the timing and extent of spending to support development efforts, the expansion of international activities, the introduction of new and enhanced service offerings, and the continuing market acceptance of our services. We may in the future enter into arrangements to acquire or invest in complementary businesses, services and technologies, including intellectual property rights. We may be required to seek additional equity or debt financing. In the event that additional financing is required from outside sources, we may not be able to raise it on terms acceptable to us or at all.

Cash Flows

For the years ended January 31, 2024, 2023, and 2022, our cash flows were as follows (in thousands):

 

 

 

Year Ended January 31,

 

 

 

2024

 

 

2023

 

 

2022

 

Net cash provided by operating activities

 

$

318,727

 

 

$

297,982

 

 

$

234,818

 

Net cash (used in) provided by investing activities

 

 

(82,792

)

 

 

120,600

 

 

 

(239,368

)

Net cash used in financing activities

 

 

(272,896

)

 

 

(396,495

)

 

 

(172,861

)

 

61


 

Operating Activities

For the year ended January 31, 2024, cash provided by operating activities was $318.7 million. The primary factors affecting our operating cash flows during this period were our net income of $129.0 million, stock-based compensation of $198.8 million, amortization of deferred commissions of $54.2 million, and depreciation and amortization of our property and equipment and capitalized software of $51.2 million, partially offset by a non-cash income tax benefit from the release of a valuation allowance on deferred tax assets of $75.2 million. Cash provided by operating activities during the year ended January 31, 2024 was further adjusted by net cash outflows of $41.8 million due to changes in our operating assets and liabilities.

The primary drivers for the changes in operating assets and liabilities include a $49.3 million decrease in operating lease liabilities due to recurring lease payments, a $44.5 million increase in deferred commissions resulting from capitalization of incremental commissions paid to our sales force, and a $21.9 million increase in accounts receivable primarily due to the timing of our cash collections. This was partially offset by a $35.2 million decrease in operating right-of-use assets due to amortization, a $32.7 million increase in deferred revenue, and a $6.8 million decrease in other assets.

Investing Activities

Cash used in investing activities of $82.8 million for the year ended January 31, 2024 was primarily driven by $169.4 million in purchases of short-term investments that were partially offset by $108.0 million in maturities of short-term investments, $16.6 million in capitalized internally developed software costs, $2.7 million in cash paid for acquisitions, net of cash acquired, and $1.8 million of fixed asset purchases, net of sale proceeds.

Financing Activities

Cash used in financing activities of $272.9 million for the year ended January 31, 2024 was primarily driven by $177.1 million in repurchases of our common stock, $74.7 million of employee payroll taxes paid related to net share settlement of stock awards, $30.2 million of principal payments of finance lease liabilities, and $14.9 million of dividend payments to preferred stockholders. This was partially offset by $28.2 million from issuances of common stock under our employee equity plans.

Debt

In January 2021, we issued $345.0 million aggregate principal amount of 0.00% convertible senior notes due January 15, 2026. The Convertible Notes are senior unsecured obligations and do not bear regular interest. Each $1,000 principal amount of the Convertible Notes is convertible into 38.7962 shares of our Class A common stock, which is equivalent to a conversion price of approximately $25.78 per share, subject to adjustment upon the occurrence of specified events. We have made an irrevocable election to settle the principal portion of the Convertible Notes only in cash. Accordingly, upon conversion, we will pay the principal in cash and we will pay or deliver, as the case may be, the conversion premium in cash, shares of common stock or a combination of cash and shares of common stock, at our election.

On November 27, 2017, we entered into a secured credit agreement (as amended or otherwise modified from time to time, the “November 2017 Facility”), which provided for a $65.0 million revolving loan facility with a $45.0 million sublimit for the issuance of letters of credit. On June 30, 2023, we entered into an amended and restated credit agreement (the “June 2023 Facility”) to provide for a $150.0 million revolving loan facility and maintain the $45.0 million letter of credit sublimit.

Refer to Note 9 in Part II, Item 8 of this Annual Report on Form 10-K for detailed descriptions of the Convertible Notes, the November 2017 Facility, and the June 2023 Facility.

Series A Convertible Preferred Stock

On April 7, 2021 we entered into an Investment Agreement with KKR and certain other investors relating to the issuance and sale of 500,000 shares of our Series A Convertible Preferred Stock, par value of $0.0001 per share,

62


 

for an aggregate purchase price of $500 million, or $1,000 per share (the “Issuance”). Refer to Note 10 in Part II, Item 8 of this Annual Report on Form 10-K for a detailed description of our Series A Convertible Preferred Stock.

Share Repurchase Plan

In July 2021, our Board of Directors authorized a share repurchase plan to opportunistically repurchase shares of our outstanding Class A common stock in open market transactions. During the year ended January 31, 2024, we repurchased 6.6 million shares at a weighted average price of $27.01 per share for a total amount of $177.0 million. As of January 31, 2024, $63.7 million remained authorized and available for additional repurchases.